Could your airplane be hacked? A federal watchdog is afraid so.
The National Airspace System that controls America’s airports and air traffic control centers is vulnerable to cyber attacks – and the Federal Aviation Administration has not done enough to address the weaknesses.
This could set up a potentially dangerous situation for pilots and passengers,
since hackers could gain access to the system and tamper with or disrupt air traffic control operations, a disturbing new report out Monday from the Government Accountability Office says.
The GAO reviewed the security of the FAA’s massive National Airspace System (NAS) and found that the agency failed to use strong password controls, leaving the system with “significant security control weaknesses.”
In their 42-page report, the auditors added, “As a result, FAA is at increased risk that accounts could be compromised and used by unauthorized individuals to access sensitive information or systems.”
The GAO said the FAA’s security systems didn’t meet federal standards. Its strategic cyber security plan has also not been updated in at least five years. Since it’s outdated, it doesn’t account for newer technology used to launch cyber hacks.
“These shortcomings put the national airspace systems at increased and unnecessary risk of unauthorized access, use, or modification that could disrupt air traffic control operations,” the report says.
The GAO also faulted the agency for not properly training its cyber security workers to respond in the event of a breach. It said some workers “may not recognize and respond appropriately to potential security threats and vulnerabilities.”
Though the GAO credited the agency for making several improvements, it stressed it must go further. “Although FAA has taken steps to safeguard its air traffic control systems, significant security control weaknesses remain in NAS systems and networks threatening the agency’s ability to adequately fulfill its mission.”
The watchdog made 17 public recommendations, including improving the training of cyber security employees, more clearly identifying and resolving issues, and strengthening security controls and agency protocol. Additional recommendations about specific security problems and 168 actions that should be taken by the agency to address those have not been made public.
“The agency is fully cognizant of the vital requirement to secure the National Airspace System cyber environment as part of the nation's critical infrastructure,” Acting Assistant Secretary for the FAA, Keith Washington, wrote in response to the GAO’s findings.
Top Reads from The Fiscal Times: