The Federal Aviation Administration needs to do more to prevent hackers from “threatening the agency’s ability to ensure the safe and uninterrupted operation of the national airspace system,” according to a new report from the Government Accountability Office. The warning comes after President Barack Obama said the nation’s air traffic control systems need to be protected.
The 42-page GAO report, titled “Information Security: FAA Needs to Address Weaknesses in Air Traffic Control Systems,” was released Monday. It calls on the FAA to continue updating weaknesses in its critical computer systems.
“These include weaknesses in controls intended to prevent, limit, and detect unauthorized access to computer resources, such as control for protecting system boundaries, identifying and authenticating users to access systems, encrypting sensitive data, and auditing and monitoring activity on FAA’s systems,” the report said. “Additionally, shortcomings in boundary protection controls between less-secure systems and the operational [national airspace systems] environmental increase the risk from these weaknesses.”
GAO investigators found that the FAA’s information security protection strategy hasn’t been updated since 2012, and the current cybersecurity measures fail to live up to the mandate outlined in a 2002 law. Annual cybersecurity training, formulating a cohesive risk management strategy, and increasing incident response communication were among the 17 recommendations the GAO made.
“Until FAA effectively implements security controls, establishes stronger agency-wide information security risk management processes, fully implements its NAS information security program, and ensures that remedial actions are addressed in a timely manner, the weaknesses GAO identified are likely to continue, placing the safe and uninterrupted operation of the nation’s air traffic control system at increased and unnecessary risk,” the report stated.
Publication of the GAO report comes less than a month after Obama, in a speech on cybersecurity, said the idea of a Sony Pictures-like hack on an air traffic control system raises concerns about “new forms of vulnerability that we didn’t have before.”
“It’s one of the great paradoxes of our time that the very technologies that empower us to do great good can also be used to undermine us and inflict great harm,” he said.