Slashdot Mirror


Hackers Broke Into FAA Air Traffic Control Systems

PL/SQL Guy writes "Hackers have repeatedly broken into the air traffic control mission-support systems of the US Federal Aviation Administration, according to an Inspector General report sent to the FAA this week, and the FAA's increasing use of commercial software and Internet Protocol-based technologies as part of an effort to modernize the air traffic control systems poses a higher security risk to the systems than when they relied primarily on proprietary software, the report said. Intrusion detection systems (IDS) are deployed at only 11 of hundreds of air traffic control facilities. In 2008, more than 870 cyber incident alerts were issued to the organization responsible for air traffic control operations and by the end of the year 17 percent (more than 150 incidents) had not been remediated, 'including critical incidents in which hackers may have taken over control' of operations computers, the report said."

6 of 124 comments

  1. I guess this is what happens by Anonymous Coward · · Score: 5, Funny

    when 4chan goes down for a week. Seems that keeping that site running is a matter of national security!

  2. Someone call Jack Bauer by Anonymous Coward · · Score: 5, Funny

    They have the CIP device.

  3. Well that would explain by mandark1967 · · Score: 5, Funny

    Why my last 4 flights arrived on time.

    --
    Sig Follows: "Suppose you were an idiot. And suppose you were a member of Congress. But I repeat myself." -- Mark Twain

  4. Missing Forest for the Trees? by PK Tech Guy · · Score: 5, Informative

    From the CNET article: "Last year, hackers took control of FAA critical network servers and could have shut them down, which would have seriously disrupted the agency's mission-support network, the report said."

    "However, Brown dismissed the notion that hackers could get access to critical air traffic control operational systems."

    It's OK everybody, the hackers have shut down the network but they haven't gained any critical access.

  5. Re:Question by Rich0 · · Score: 5, Insightful

    I believe in defense in depth. Even though the guards inside the castle may be trained to password challenge everybody walking around and check coats of arms, it never hurts to raise the drawbridge when there isn't anybody using it and there is a besieging army.

    Sure, have firewalls all over the place, but any route into and out of the network itself needs to be HIGHLY secure. NOTHING goes IN or even OUT without a reason. Nothing wrong with the airport having a flight status board, but you have the ATC central database polled by some central server which generates an xml digest of the important info and have it dump that data across a serial line (transmit only) to another server which then puts it onto a webserver which the airports can parse. Flight plan requests come into some intermediate server on the internet (but well secured). That server validates the requests and sends xml files to some intermediate server (perhaps over serial) which otherwise isn't on any network. That server re-validates the input and then makes it available to a more trusted server that then does the application logic.

    Of course the internal network has a firewall at every WAN connection that only passes the minimum defined data to make the system work. That still doesn't mean that you shouldn't keep the actual traffic on the mission critical network down to the minimum necessary. There shouldn't be a single packet on that ATC network that doesn't originate from an FAA-validated piece of software. Any connection to the outside should be sanitized, and they should be few in number.

    This isn't about being smarter than the hackers - it is about being thorough and having a fully specified architecture.
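The validate, pass over a one-way link, and re-validate chain described in the comment above, sketched as an added example (not part of the original comment and not FAA code). The `flightplan` schema, field names, frame layout and `SAMPLE` message are assumptions made up for illustration.

```python
import hashlib
import re
import xml.etree.ElementTree as ET

# Hypothetical request schema (assumption): element -> pattern its text must match.
FIELDS = {
    "callsign": re.compile(r"[A-Z0-9]{2,7}"),
    "departure": re.compile(r"[A-Z]{4}"),
    "destination": re.compile(r"[A-Z]{4}"),
}
MAX_LEN = 512
SAMPLE = b"<flightplan><callsign>N123AB</callsign><departure>KJFK</departure><destination>KBOS</destination></flightplan>"  # constructed

def validate_request(raw: bytes) -> dict:
    """Allowlist validation; raises ValueError on anything unexpected."""
    if len(raw) > MAX_LEN or b"<!" in raw or b"<?" in raw:
        raise ValueError("oversized input, or DTD/entity/PI markup present")
    try:
        root = ET.fromstring(raw)
    except ET.ParseError as exc:
        raise ValueError(f"not well-formed: {exc}") from exc
    if root.tag != "flightplan" or root.attrib:
        raise ValueError("unexpected root element")
    out = {}
    for child in root:
        pattern = FIELDS.get(child.tag)
        if pattern is None or child.tag in out or child.attrib or len(child):
            raise ValueError(f"element not allowed here: {child.tag!r}")
        if not pattern.fullmatch(child.text or ""):
            raise ValueError(f"bad value for {child.tag}")
        out[child.tag] = child.text
    if out.keys() != FIELDS.keys():
        raise ValueError("missing required field")
    return out

def frame(fields: dict) -> bytes:
    """Sender on the transmit-only link: rebuild the XML from validated fields."""
    body = "".join(f"<{k}>{fields[k]}</{k}>" for k in FIELDS)
    payload = f"<flightplan>{body}</flightplan>".encode("ascii")
    # SHA-256 here catches line corruption only; it is not authentication.
    return len(payload).to_bytes(2, "big") + payload + hashlib.sha256(payload).digest()

def receive(framed: bytes) -> dict:
    """Receiver: check length and digest, then validate again from scratch."""
    n = int.from_bytes(framed[:2], "big")
    payload, digest = framed[2:2 + n], framed[2 + n:]
    if len(payload) != n or hashlib.sha256(payload).digest() != digest:
        raise ValueError("corrupt or truncated frame")
    return validate_request(payload)
```

The sender forwards a document rebuilt from the validated fields rather than the original bytes, so nothing the validator did not explicitly accept crosses the link.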

  6. Obligatory by plaxion · · Score: 5, Funny

    "Where do you want to go today?"