Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Information-Security-News
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[ISN] FAA air-traffic systems lack cyberprotections, GAO finds

from [InfoSec News] Network Security [Permanent Link]
Subject: [ISN] FAA air-traffic systems lack cyberprotections, GAO finds
Date: Tue, 27 Sep 2005 01:10:15 -0500 (CDT) 
Forwarded from: William Knowles <wk@c4i.org>

http://www.gcn.com/vol1_no1/daily-updates/37127-1.html

By Rob Thormeyer 
GCN Staff
09/26/05 

Air-traffic control systems operated by the Federal Aviation
Administration contain significant cybersecurity weaknesses and 
are vulnerable to attack, according to a recent report [1] from 
the Government Accountability Office.

In the report, GAO concluded that the agency has not completely
implemented information security programs that protect its systems
from cyberattack.

"FAA has made progress in implementing information security for its
air traffic control systems by establishing an agencywide information
security program and addressing many of its previously identified
security weaknesses; however, it still has significant weaknesses that
threaten the integrity, confidentiality and availability of its
systems - including weaknesses in controls that are designed to
prevent, limit and detect access to those systems," the report said.

FAA officials admit the weaknesses exist, but contend that because
parts of their systems are custom-built with older equipment,
special-purpose operating systems and proprietary communication
interfaces, chances for unauthorized access are limited, according to
the report.

"Nevertheless, the proprietary features of these systems do not
protect them from attack by disgruntled current or former employees
who understand these features, or from more sophisticated hackers,"  
the report added.

GAO recommended that the agency address the following weaknesses:  
outdated security plans, inadequate security awareness training,
inadequate system testing and evaluation programs, limited security
incident-detection capabilities and shortcomings in providing service
continuity for disruptions in operations.

In response, FAA officials said they will consider the recommendations, 
but also stated that the report is not indicative of the agency's
security systems.

Meanwhile, Rep. Tom Davis (R-Va.), who chairs the House Government
Reform Committee that asked for the report, said FAA must address the
recommendations. "Given the ever-evolving nature of cyberthreats and
the thought of someone with malicious intent accessing FAA's IT
systems, complacency is not an option," he said.

[1] http://www.gao.gov/new.items/d05712.pdf



*==============================================================*
"Communications without intelligence is noise;  Intelligence
without communications is irrelevant." Gen Alfred. M. Gray, USMC
================================================================
C4I.org - Computer Security, & Intelligence - http://www.c4i.org
*==============================================================*



_________________________________________
InfoSec News v2.0 - Coming Soon! 
http://www.infosecnews.org
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • [ISN] FAA air-traffic systems lack cyberprotections, GAO finds, InfoSec News <=
Previous by Date:  [ISN] Password rule change tightens account security, InfoSec News
Next by Date:  Re: [ISN] Oracle CEO Touts Security Plans, InfoSec News
Previous by Thread:  [ISN] Password rule change tightens account security, InfoSec News
Next by Thread:  [ISN] Linux Security Week - September 26th 2005, InfoSec News
Indexes:  [Date] [Thread] [Top] [All Lists]