Air Traffic Systems Vulnerable to Cyber Attack

Technology.am (May 7, 2009) — A report says America’s air traffic control systems are vulnerable to cyber attacks, and support systems have been breached in recent months to allow hackers access to personnel records and network servers.

1-air-traffic-systemAlthough most of the attacks disrupted only support systems, they could spread to the operational systems that control communications, surveillance and flight information used to separate aircraft.

The report noted several recent cyber attacks, including a February incident, in which hackers gained access to personal information on about 48,000 current and former FAA employees, and an attack in 2008 when hackers took control of some FAA network servers.

Auditors said the Federal Aviation Administration is not able to detect potential cyber security attacks adequately, and it must secure its systems better against hackers and other intruders.

“In our opinion, unless effective action is taken quickly, it is likely to be a matter of when, not if, air traffic control (ATC) systems encounter attacks that do serious harm to ATC operations,” the auditors said.

In response to the findings, FAA officials stressed that the support systems and traffic control networks are separated. They agreed, however, that more aggressive action should be taken to secure the networks and secure high-risk vulnerabilities.

Officials tested Internet-based systems that are used to provide information to the public such as communications frequencies for pilots, as well as internal FAA computer systems. The tests found almost 4,000 “vulnerabilities,” including 763 viewed as “high risk.” The vulnerabilities including weak passwords, unprotected file folders and other software problems.

The weaknesses could allow hackers or internal FAA workers to gain access to air traffic systems, and possibly compromise computers there or infect them with malicious codes or viruses, the audit warned.

In its response to the audit, the FAA said corrective actions already are being taken, and others should be in place in the coming months.

Leave a Reply

Your email address will not be published. Required fields are marked *