Wednesday, March 04, 2015

Government finds the FAA is vulnerable to hacks

Source: http://www.engadget.com/2015/03/04/the-faa-is-vulnerable-to-hacks/

On the scale of extremely disconcerting government revelations, this isn't PRISM, but damn if it isn't alarming. The Government Accountability Office (GAO) released a scathing report on the Federal Aviation Administration's (FAA) air traffic control systems. The FAA is basically just asking to be hacked thanks to its lackadaisical approach to security and software updates. Things are so bad that relying on servers that have passed their "end-of-life" date is probably the least concerning revelation made by the GAO. The government also found that FAA employees were sharing passwords through unencrypted communications channels, and had failed to patch out-of-date software with three-year-old security flaws.

The GAO report states right off the bat that, despite the FAA's efforts to improve security, "significant security control weaknesses remain, threatening the agency's ability to ensure the safe and uninterrupted operation of the national airspace system." Any effort to prevent, detect or combat an intrusion by hackers is basically undermined by the agency's failure to fully implement a security program required under a law passed in 2002.

If you're not alarmed by all this, you should be. Think about it: This is the agency in charge of directing traffic for over 2,000 planes in the air at any given moment. (Planes, you know, the metal tubes hurtling through the sky at hundreds of miles an hour, each filled with living human beings.) And they're relying on hardware that isn't supported by the manufacturer and have let security flaws with simple fixes go unpatched for three years.

Senators John Thune and Bill Nelson were among those who quickly demanded answers from the FAA and the Transportation Department. So far the response has been disappointing, with the FAA saying it's working on the problem, but offering little in the way of concrete solutions.

Via: Ars Technica

Source: GAO