 |
|
| technology > computing |
![[CNN Money]](http://i.cnn.net/cnn/images/main/fn.logo.newsnet.gif){kind=logo}
![[SI.com]](http://i.cnn.net/cnn/images/main/si.logo.gif){kind=logo}
( | |
 |
|
| |
| |
EDITIONS: | |
MULTIMEDIA: | |
E-MAIL: |
Subscribe to one of our news e-mail lists. Enter your address: |
DISCUSSION: |
CNN WEB SITES: |
 |
TIME INC. SITES: |
CNN NETWORKS: |
|
SITE INFO: |
WEB SERVICES: |
FAA faces more criticism for computer security failings
|
(IDG) -- The Federal Aviation Administration continues to face harsh criticism in Congress for failing to do background security checks on many of its contract workers, some of whom were hired to conduct penetration testing of the agency's computer systems.
The FAA's computer security practices were again faulted in a report by the General Accounting Office that was released earlier this week at a House Science Committee hearing. The report -- the third issued on the matter by the GAO since late last year -- reiterated allegations that the FAA is at risk of "undue exposure to intrusions and malicious attacks on its facilities, information and resources."
 | MESSAGE BOARD | |
|
| ||
Science Committee Chairman James Sensenbrenner (R-Wis.) charged at the hearing that the FAA is putting national security at risk by hiring foreign nationals from countries that "harbor ill will" toward the U.S. without doing appropriate background checks. "These unknown individuals have been allowed to gain knowledge about FAA's sensitive computer codes and systems," Sensenbrenner said.
But the "most shocking" security lapse by the agency has been its use of contractors who don't have security clearances in testing of the potential for penetrating its systems, Sensenbrenner added. "These are the people who are using their best efforts to try to penetrate the system," he said.
| MORE COMPUTING INTELLIGENCE |
IDG.net home page
|
| Computerworld's home page |
| Federal agencies face grading on security readiness |
| Do Feds follow Web-privacy rules? |
| Closing the gap in end-user security |
| Reviews & in-depth info at IDG.net |
| E-BusinessWorld |
| TechInformer |
| Questions about computers? Let IDG.net's editors help you |
| Subscribe to IDG.net's free daily newsletter for IT leaders |
|
Search IDG.net in 12 languages |
| News Radio |
Fusion audio primers
|
|
Computerworld Minute
|
FAA chief Jane Garvey acknowledged the problems cited by the GAO and said the agency is correcting them. But she also told the committee that air traffic control systems are safe and have numerous built-in redundancies that could thwart any attacks. "We believe we have a very strong and a very secure system," she said.
An earlier GAO report, which was released in the spring, said the FAA had made progress on improving its computer security policies and procedures since an initial review was done last year. But the GAO added that the FAA still needs to do more, including the completion of required background checks "for a substantial number of contractor employees."
Like its predecessor, the report acknowledged the progress the agency has made but said many areas of concern remain. For example, the report said the FAA's own penetration testing and vulnerability assessments "demonstrate significant areas of weakness."
But the report, citing security concerns, wouldn't disclose details about where those problems lie. The Science Committee may hold a closed-door hearing in the future to get more specific information from the GAO.
At today's hearing, Kenneth Mead, inspector general at the U.S. Department of Transportation, testified that the FAA's air traffic control system is "relatively immune" from outside attacks because of its physical isolation from the rest of the agency's computer applications. But Mead added that the current level of security may be undermined by the FAA's massive program to modernize the mainframe-based air traffic control system.
Under that $1 billion-plus project, Mead said, the systems that manage air traffic control are due to be linked to administrative systems at the FAA, potentially opening them up to wider access. "Until the FAA gives assurances that this integrated network won't compromise data security, we don't think the FAA should go forward with that plan," he said.
Mead cited vulnerabilities with DOT systems not run by the FAA as evidence of systemic problems with open systems. For example, a team reviewing security at the DOT was able to gain access to 270 computers via an Internet connection, Mead said. Another 900 systems were deemed to be vulnerable to attack by insiders, he added.
RELATED STORIES:
Hackers reject $10,000 offer to break code
September 18, 2000
New denial-of-service attack tool uses chat programs
September 6, 2000
Chinese company throws down gauntlet to hackers
August 28, 2000
Surf-for-pay sites jeopardized by hackers
August 18, 2000
Hackers are naughty and nice at Def Con
August 3, 2000
RELATED IDG.net STORIES:
GAO: FAA making progress on security but still has more to do
(Computerworld)
Don't neglect desktop when it comes to security
(Computerworld)
Closing the gap in end-user security
(InfoWorld)
White House launches new federal government Web site
(Computerworld)
Do Feds follow Web-privacy rules?
(PC World)
Federal agencies face grading on security readiness
(Computerworld)
Researchers review Carnivore
(Computerworld)
Lockheed's new offering locates lost, stolen PCs
(NW Fusion)
RELATED SITES:
Federal Aviation Administration
General Accounting Office
Note: Pages will open in a new browser windowExternal sites are not endorsed by CNN Interactive.