DOT security audit shows ATC systems vulnerable, incidents not addressed

From Information Week:

The Transportation Department report states that auditors from KPMG and the Office of the Inspector General tested 70 Web applications, 35 used by the FAA to disseminate information over the Internet and 35 used internally to support air traffic control systems. The security audit found a total of 763 high-risk, 504 medium-risk, and 2,590 low-risk vulnerabilities, such as weak passwords and unprotected folders.

Beyond the issue of poorly configured, buggy Web applications, the report also found that the air traffic control systems are woefully unprotected by intrusion-detection systems. Only 11% of air traffic control facilities have IDS sensors, the report states, and none of those IDS sensors monitors air traffic control operational systems; instead, they monitor mission-support systems, such as e-mail servers.

In 2008, more than 800 cyberincident alerts were issued to the Air Traffic Organization, which oversees air traffic control operations. At the end of that year, 17% of those incidents (150), some designated critical, had not been addressed.

Bush: Radar-based ATC ‘doesn’t make sense’

President Bush visited DOT headquarters in Washington today, where he praised Secretary Mary Peters for her service and announced several initiatives related to aviation and passenger air travel. One part of the package: an executive order (full text here) creating a multi-agency task force to ensure that NextGen is implemented in a “safe, secure, timely, environmentally sound, efficient, and effective manner.”

The order requires the Transportation Secretary to establish an office within 60 days, and to convene an advisory committee within 180 days.

Here are the President’s remarks about air traffic management:

There’s a lot more work to be done. For example, at an age when teenage drivers use GPS systems in their cars, air traffic controllers still use World War II-era radar to guide modern jumbo jets. That doesn’t seem to make any sense to me, and I know it doesn’t make sense to the Secretary and a lot of folks in this audience. Modernizing our aviation system is an urgent challenge. So today, I’m signing an executive order that makes this task a leading priority for agencies across the federal government.

Mr. Bush also scolded members of Congress, appearing to direct his remarks to the Transportation and Infrastructure Committee, which will consider several key bills in 2009.

Members of Congress have responsibilities. As they take up the next highway and aviation bills in the coming year, they should adhere to a few principles. They should harness the power of the free market through policies like congestion pricing, which uses the laws of supply and demand to reduce traffic on our roads and in the air.

They should ensure that taxpayer funds for transportation are allocated based on the true needs of the American people, not spent on wasteful earmarks or the political demands of influential lobbies.

They should provide incentives for the private sector to develop new technologies, invest in our infrastructure, and help make our transportation system worthy of the 21st century.

Just a little advice.