Users login

Create an account »


Users login

Home » Hacking News » US air traffic control open to attack

US air traffic control open to attack

by Nikola Strahija on October 18th, 2004 The Federal Aviation Administration has to examine computer security at air traffic control centers all around the country, due to a government audit that found the systems insufficiently secured against cyber attacks.

All together, auditors have proven that the FAA hadn't adequately secured computers running at the 20 "en route centers" that direct high-altitude traffic nationwide.

The biggest complaint was that the FAA's security certification process was "limited to developmental systems located at FAA's Technical Center computer laboratory", and overlooked the systems once they were deployed, including some major operational air traffic control systems such as en route, approach control, and airport terminal facilities. Also, FAA indeed checked vulnerabilities on major computer servers but not on end-user computers, so that tens of thousands of workstations on its networks have been left with no inspection.

This is not the first bad review FAA computer systems got. For example, in 1998 congressional investigators first reported on pervasive weaknesses in the air traffic control network, and claimed to have found evidence that some systems had been
penetrated and critical data compromised. In 2000, a GAO report criticized the FAA for not performing background checks on IT contractors, failing to install intrusion detection systems, and not performing adequate risk assessments and penetration tests on agency systems. In 2002, hackers penetrated an administrative FAA system and downloaded unpublished information on airport passenger screening activities.

FAA, on contrary, states they have made significant progress in its information security program but admit that more needs to be done, so they will perform security certification reviews of all operational air traffic control systems within three years. FAA will also develop a contingency plan to restore essential air service during a prolonged disruption at an en route facility.

Though not mentioned in the report, last month the public got a harsh glimpse of
the havoc such a disruption might cause when the computer controlling a sophisticated radio system crashed at the Los Angeles Enroute Air Traffic Control Center in Palmdale, California. Controllers were unable to communicate with aircraft for three hours, resulting in hundreds of flights being grounded and five cases of airplanes drifting closer to each other than safety regulations permit. The papers reported that the outage was the result of a worker neglecting to perform a monthly reset of a Windows-based control system, resulting in its automatic shutdown after 49.7 days of operation. A backup system also failed.

Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.


Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »