DOT Inspector General's Audit Report Criticizes FAA Cyber Security

Courtesy from SANS Newsletter Vol. 11 Num 36

According to an audit report from the US Department of Transportation Office of the Inspector General, the country's air traffic control systems have been breached and continue to be vulnerable to cyber attacks.  The intruders gained access to personnel records and network servers.  The attacks affected Federal Aviation Administration (FAA) support systems, but the report says that they have the potential to spread to systems involved directly in air traffic communications, surveillance and flight information.  The audit noted more than 750 high risk vulnerabilities in web applications used at the agency.  It also found a lack of adequate intrusion detection and that the agency failed to manage cyber security incidents in a timely manner.  The FAA responded to the report by noting that support systems and operational systems are not connected; the agency did agree that stronger security measures need to be implemented.
READ MORE