The Flight of the Virus
It’s comforting to think whilst your aircraft is in a stacking pattern over an international airport awaiting final approach, there’s a bunch of geeks out there trying to hack into air traffic control computers.
The durability of the U.K. air traffic control systems when it comes to fighting off hackers has been questioned on quite a few occasions, but it seems that the U.S. are a little more forthcoming when it comes to dishing out information on the threats involved.
A recent U.S. report given to The Federal Aviation Administration has highlighted critical vulnerabilities in the software of their systems and brought to light a large number of “cyber incidents” which could not be properly explained, or resolved.
The report was complied by top accountants KPMG and the Office of the Inspector General for the U.S. Department of Transportation. It concluded that there were a total of 763 high risk security issues in key web servers. There were also a further 3,000 other security issues, including incorrectly patched software, vulnerable software sections and web applications that had not been correctly configured.
What this translates to is a major risk of authorised access by hackers into FAA systems that control vital data and also air traffic control systems. The engineers behind the report actually used their findings to demonstrate the lax security by launching their own attack and gaining access to the Traffic Control Management System, a control tower and a weather system.
Hackers have hit the FAA systems a number of times, one of the worst coming in 2008 when they targeted the domain controllers which could have disrupted the ATC mission support network.
The FAA of course is not alone in being accused of a relaxed attitude to cyber attacks. President Obama has pledged a general review and improvement across many U.S. government departments as doubts were voiced over their ability to withstand hackers.
The report came up with a number of key recommendations, including enhancing intrusion detection systems, tightening up security on web applications and improving the implementation of software patches.
Accepting the main thrust of the report, the FAA did say in mitigation that the air-control systems are not connected to either the administration systems (where the main vulnerabilities are found), or the internet.
Guest Article by Neil Camp
Related posts:
My name is Alan Potts and I'm the Editor of the Antivirus-BUYability web site and Managing Director of BUYability Limited. You can connect with me or keep up to date with new posts on this blog via the following social media sites: 
