The US government accountability office (GOA) has found the country’s air traffic control system could do with a bit of cybersecurity, listing ways to improve its defences.
The GOA has pretty much slammed the US Federal Aviation Administration (FAA), claiming that despite attempts, it has yet to address some concerns.
These include “weaknesses in controls intended to prevent, limit, and detect unauthorised access to computer resources, such as controls for protecting system boundaries, identifying and authenticating users, authorizing users to access systems, encrypting sensitive data, and auditing and monitoring activity on FAA’s systems.”
Comprehensively unprepared for cyberattacks, if you will.
Not just that, apparently the FAA didn’t even roll out its agency-wide information security programme, which had been brought in as a requirement well over a decade ago.
This all means that the hundreds of FAA towers throughout the US are at risk, and thousands of daily flights are at risk.
GOA’s illustration of the US air traffic system
The GOA claims the FAA needs to act sharpish and implement security controls and establish “stronger” risk management processes, as well as ensure “remedial actions” are addressed quite quickly.
“The weaknesses GAO identified are likely to continue, placing the safe and uninterrupted operation of the nation’s air traffic control system at increased and unnecessary risk,” said the organisation in a statement.
According to a report by Arstechnica, US senators are already up in arms and the US department of transportation has said the FAA has admitted these issues and is taking steps to improve its security.
Washington Dulles International Airport image via Shutterstock
