Welcome to DU!
The truly grassroots left-of-center political community where regular people, not algorithms, drive the discussions and set the standards.
Join the community:
Create a free account
Support DU (and get rid of ads!):
Become a Star Member
Latest Breaking News
General Discussion
The DU Lounge
All Forums
Issue Forums
Culture Forums
Alliance Forums
Region Forums
Support Forums
Help & Search
Cyber risks inherent in NextGen transition, GAO warns
Cyber risks inherent in NextGen transition, GAO warnsBy Mark Pomerleau
Apr 27, 2015
The Federal Aviation Administration’s efforts to modernize the nation’s air traffic control systems really are like rebuilding a plane in mid-flight. And now the cybersecurity vulnerabilities inherent in the move to a connected airspace have been detailed in a report from the Government Accountability Office.
The FAA’s 40-year-old air traffic control system, Host, uses point-to-point, ground based radar to connect each communication unit across the network. Under this system, computers and communication devices are connected by wires, passing information from point to point, which limits overall network connectivity.
To address the limits of a pre-Internet system, the FAA’s NextGen “call[s] for the new information systems to be networked together with IP technology into an overarching system of interoperating subsystems,” the GAO said. That means the new system would “allow any controller, anywhere, to see any plane in US airspace. In theory, this would enable one air traffic control center to take over for another with the flip of a switch,” wrote Sara Breslor for Wired.
....
Smartphone-toting passengers introduce an additional vulnerability to an IP-networked system. Mobile devices that connect to the Internet could be providing a gateway for hackers to gain access to FAA networks and avionics systems. “Internet connectivity in the cabin should be considered a direct link between the aircraft and the outside world, which includes potential malicious actors,” GAO said. Malware or viruses picked up from websites visited by passengers on their mobile devices in flight or attached to emails can compromise the entire system, according to a cybersecurity expert cited by GAO.
Apr 27, 2015
The Federal Aviation Administration’s efforts to modernize the nation’s air traffic control systems really are like rebuilding a plane in mid-flight. And now the cybersecurity vulnerabilities inherent in the move to a connected airspace have been detailed in a report from the Government Accountability Office.
The FAA’s 40-year-old air traffic control system, Host, uses point-to-point, ground based radar to connect each communication unit across the network. Under this system, computers and communication devices are connected by wires, passing information from point to point, which limits overall network connectivity.
To address the limits of a pre-Internet system, the FAA’s NextGen “call[s] for the new information systems to be networked together with IP technology into an overarching system of interoperating subsystems,” the GAO said. That means the new system would “allow any controller, anywhere, to see any plane in US airspace. In theory, this would enable one air traffic control center to take over for another with the flip of a switch,” wrote Sara Breslor for Wired.
....
Smartphone-toting passengers introduce an additional vulnerability to an IP-networked system. Mobile devices that connect to the Internet could be providing a gateway for hackers to gain access to FAA networks and avionics systems. “Internet connectivity in the cabin should be considered a direct link between the aircraft and the outside world, which includes potential malicious actors,” GAO said. Malware or viruses picked up from websites visited by passengers on their mobile devices in flight or attached to emails can compromise the entire system, according to a cybersecurity expert cited by GAO.
