Cyber risks inherent in NextGen transition, GAO warns
Cyber risks inherent in NextGen transition, GAO warns
By Mark Pomerleau
Apr 27, 2015
The Federal Aviation Administrations efforts to modernize the nations air traffic control systems really are like rebuilding a plane in mid-flight. And now the cybersecurity vulnerabilities inherent in the move to a connected airspace have been detailed in a
report from the Government Accountability Office.
The FAAs 40-year-old air traffic control system, Host, uses point-to-point, ground based radar to connect each communication unit across the network. Under this system, computers and communication devices are connected by wires, passing information from point to point, which limits overall network connectivity.
To address the limits of a pre-Internet system, the FAAs NextGen call[s] for the new information systems to be networked together with IP technology into an overarching system of interoperating subsystems, the GAO said. That means the new system would allow any controller, anywhere, to see any plane in US airspace. In theory, this would enable one air traffic control center to take over for another with the flip of a switch, wrote Sara Breslor for
Wired.
....
Smartphone-toting passengers introduce an additional vulnerability to an IP-networked system. Mobile devices that connect to the Internet could be providing a gateway for hackers to gain access to FAA networks and avionics systems. Internet connectivity in the cabin should be considered a direct link between the aircraft and the outside world, which includes potential malicious actors, GAO said. Malware or viruses picked up from websites visited by passengers on their mobile devices in flight or attached to emails can compromise the entire system, according to a cybersecurity expert cited by GAO.