The U.S. system for guiding planes is open to vulnerabilities from outside hackers, according to the Government Accountability Office.
The weaknesses that threaten the FAA’s ability to ensure flight safety include a failure to patch known three-year-old security holes, the transmission and storage of unencrypted passwords, and the continued use of "end-of-life" key servers.
The GAO said that problems within the system that monitors up to 2,850 flights at a time means the air traffic system is exposed to an "increased and unnecessary risk of unauthorized access, use or modification that could disrupt air traffic control operations." The report also said the FAA "did not always ensure that sensitive data were encrypted
|
when transmitted or stored," including stored passwords and "authentication data."
The public's safety is in jeopardy until there's a fix to the system used at approximately 500 airport control towers, the GAO said.
"Until FAA effectively implements security controls, establishes stronger agency-wide information security risk management processes ... the weaknesses GAO identified are likely to continue, placing the safe and uninterrupted operation of the nation's air traffic control system at increased and unnecessary risk."
For more of the Ars Technica story: arstechnica.com
|