ATC Network is the leading online platform for ATC Professionals worldwide

What else is on ATC Network?

What is ATC Network?

US Government audit shows Air Traffic Control systems security lacking

A research project recently carried out by the US Dpeartment of Transport found many support systems to the ATC systems of the USA vunerable to possible to attack.
The study was deemed necessary to carry out due to the increasing use of commercial software and Internet Protocol based technologies by the FAA for its support systems. KPMG carried out the audit looking specifically at vulnerability assessment and penetration testing on selected Web applications used in supporting ATC operations. Their work was supported by the Deprtment of Transport's own records of reported cyber security incidents in the recent past. The DOT also carried out the second objective of the audit which was to look into the FAA's capability of detecting security breaches and it's effectiveness in monitoring ATC cyber-security incidents. The audit concluded that "Web applications used in supporting ATC systems operations are not properly secured to prevent attacks or unauthorized access. In addition, FAA has not established adequate intrusion-detection capability to monitor and detect potential cyber security incidents at ATC facilities." 70 web applications were tested, some used for public information i.e AIS applications and some supporting internal ATC systems. The report discovered a total of 763 high-risk, 504 medium-risk, and 2,590 low-risk vulnerabilities. You can view the complete report at the following link Review of Web Applications Security and Intrusion Detection in Air Traffic Control Systems
Contact
ATC Network
From
ATC Network
Website
www.atc-network.com
Date

Comments

There are no comments yet for this item

Join the discussion

You can only add a comment when you are logged in. Click here to login