US proposes ways to protect its air traffic control from cyberattacks

5 Mar 2015

The US government accountability office (GOA) has found the country’s air traffic control system could do with a bit of cybersecurity, listing ways to improve its defences.

The GOA has pretty much slammed the US Federal Aviation Administration (FAA), claiming that despite attempts, it has yet to address some concerns.

These include “weaknesses in controls intended to prevent, limit, and detect unauthorised access to computer resources, such as controls for protecting system boundaries, identifying and authenticating users, authorizing users to access systems, encrypting sensitive data, and auditing and monitoring activity on FAA’s systems.”

Comprehensively unprepared for cyberattacks, if you will.

Not just that, apparently the FAA didn’t even roll out its agency-wide information security programme, which had been brought in as a requirement well over a decade ago.

This all means that the hundreds of FAA towers throughout the US are at risk, and thousands of daily flights are at risk.

Air Traffic

GOA’s illustration of the US air traffic system

The GOA claims the FAA needs to act sharpish and implement security controls and establish “stronger” risk management processes, as well as ensure “remedial actions” are addressed quite quickly.

“The weaknesses GAO identified are likely to continue, placing the safe and uninterrupted operation of the nation’s air traffic control system at increased and unnecessary risk,” said the organisation in a statement.

According to a report by Arstechnica, US senators are already up in arms and the US department of transportation has said the FAA has admitted these issues and is taking steps to improve its security.

Washington Dulles International Airport image via Shutterstock

Gordon Hunt was a journalist with Silicon Republic

editorial@siliconrepublic.com