US Air Traffic Control System Is Riddled With Vulnerabilities

An anonymous reader writes: A recently released report (PDF) by the U.S. Government Accountability Office has revealed that despite some improvements, the Federal Aviation Administration (FAA) still needs to quash significant security control weaknesses that threaten the agency's ability to ensure the safe and uninterrupted operation of the national airspace system (NAS). The report found that while the "FAA established policies and procedures for controlling access to NAS systems and for configuring its systems securely, and it implemented firewalls and other boundary protection controls to protect the operational NAS environment [...] a significant number of weaknesses remain in the technical controls—including access controls, change controls, and patch management—that protect the confidentiality, integrity, and availability of its air traffic control systems."

Ya Think?

[AltGrendel]

C'mon now.

Re:Ya Think?

[digsbo]

The FAA is one of a very few government agencies that takes its job seriously and focuses on quality. Honestly I hate government, but the FAA has been effective in promoting safety from the mechanical/traffic perspective. I'd trust them to take IT systems security seriously and delegate the work to competent engineers. Almost can't believe I'm saying this, but it would seem they have good workers.

Re:Ya Think?

[pete6677]

Is this why the entire nation's ATC system limped along at a severely reduced capacity when a single Chicago facility was taken offline for 3 weeks due to a single contractor cutting a few cables?

Re:Ya Think?

[bobbied]

A few cables? It was a LOT of cables actually and didn't he set a fire too? Also, didn't everybody get on the ground safely? I think they did their job...

Re:Ya Think?

[sumdumass]

Or when several airports where completely shut down because of a buggy windows update?

However, i'm not sure the lack of redundancy and failsafes for a specific function is a security issue. I do agre with the question being asked though.

Re:Ya Think?

[Lumpy]

When they dont have the money they need, they cant do squat. The entire ATC system has been underfunded even before the Reagan years.

Re:Ya Think?

[pete6677]

Getting everyone on the ground safely is the pilots' job. Keeping planes in the air safely is ATC's job.

Re:Ya Think?

[sabri]

Getting everyone on the ground safely is the pilots' job. Keeping planes in the air safely is ATC's job.

Nope. Once an aircraft is moving on the ground under its own power, the flight has started and the pilot in command has the ultimate responsibility and authority over the safety of the flight. A pilot in command can deviate from any rule, clearance or law to the extent necessary to ensure the safety of the flight.

Re:Ya Think?

[nonsecurity]

Sabri, your information is for general aviation flights operating under Part 91. For air carrier flights, that ultimate responsibility is shared between the pilot and the operator company. Safety, in particular separation of aircraft in the appropriate airspace is also a joint responsibility, that includes the air traffic control service provider.

Re:Ya Think?

[sabri]

Yeah, yeah, yeah. 14 CFR 91.3. Going by your logic, ATC has no job. Obviously, ATC's job is to safely operate the National Airspace System. 91.3 isn't going to get an airliner into a busy terminal through a layer of weather. When a pilot observes a conflict between an ATC clearance or regulation and the safety of flight, however, the pilot has the authority to deviate.

I don't think you get the idea behind 14 CFR 91.3.

Pilot makes mistake, pilot dies. Controller makes mistake, pilot dies. Pilot is the ultimate authority and thus has the ultimate responsibility over any flight. But he'll gladly take any help he can get.

I'm a big fan of ATC. I like flying in Bravo airspace. I like flight following when in Echo airspace. It helps me stay safe. But in the end, when I'm flying, I am flying.

Re:Ya Think?

[sabri]

You're just trying to impress everyone with you knowledge by pulling a regulation out of your hat.

Yes, this actually got me laid last night. Ain't that cool?

You actually need a damned compelling reason to exercise 91.3(b), which is why 91.3(c) exists. If you have been denied access to Class B / C / D (yep, they can deny you access), your engine quits, and you go gliding into the primary when you could have easily glided to a perfectly good airport, even a nice soft grassy field, outside the Class B for no reason other than you thought you could do whatever you want under 91.3(b)...you're fucked. In fact, even if that was the only reasonable option (other runway was too short, covered in clouds, mountainous terrain with no fields, whatever), you still better hope to hell no one can ever possibly blame you for the engine failure.

It's not that black and white. First of all, once I utter the words "I declare an emergency", or just squawk 7700, not a single controller will deny me class B clearance. They're trained to deal with the emergency first, handle the rest later.

Second, if I mess up in flight, that does not mean I deserve a death sentence by ATC denying me the best possible option to get out of my emergency. A very good example of this would be a VFR pilot flying into IMC. It is his own fault for getting in that situation, but ATC will do their best to help him out.

Yes, you may need to explain yourself to the FAA. But I rather be in the hot seat in front of the FAA than have my wife and kids say their last farewells.

You cannot exercise 91.3(b) if the emergency is your fault. If you forgot to switch tanks, cannot show that you were properly performing maintenance (like changing the oil), the FBO where you rented the airplane didn't do a 100 hour, whatever...you're fucked.

Total utter bullshit. You can exercise 91.3(b) at any time if the safety of the flight requires you to do so. Feel free to cite the rule that provides an exception for self-induced emergencies.

That does not say that you can do whatever the fuck you want. It means that the accountability comes afterwards, in the sense of "we have a number for you to call", once you're safely on the ground.

Re:Ya Think?

[Zeek40]

Over 10 miles of cable needed to be replace, and yes there was a fire. 18 server racks full of equipment needed to be replaced as well. The fire actually only damaged about 1/4 of the hardware mounted there, but the fire hoses took care of everything the fire didn't.

Re:Ya Think?

[digsbo]

I doubt it. The NSA not sharing information with other bureaucracies was part of the reason they created the ineffective bureaucracy known as DHS. Nobody really knows *what* NSA does. CIA: Cause problems in foreign countries to pretext for war. ATF: Escalate conflicts with idiots and get innocents killed in shootouts and fires. FBI: Mostly legitimate law enforcement, with entrapment of idiots in "terror" stings. NSA: No idea.

Oh Goody!

[ArhcAngel]

I like riddles.

I respect the FAA

[sjbe]

The FAA is one of a very few government agencies that takes its job seriously and focuses on quality.

They're better than that. Surgeons in operating rooms are cribbing from the FAA for techniques and procedures to improve patient safety. The safety record of the airline industry is quite remarkable and the FAA deserves a huge amount of the credit for that achievement. I've worked as a quality engineer and whatever their other flaws might be, the FAA groks quality and safety as well as any organization I've ever seen.

I'd trust them to take IT systems security seriously and delegate the work to competent engineers.

As would I. The only thing I really worry about with the FAA is in keeping Congress from meddling with them too much. They are in my opinion one of the best run agencies in our government. That's not to say they don't have their flaws but on the big picture stuff, especially safety, they do a pretty good job overall even when they don't have all the resources they might.

Almost can't believe I'm saying this, but it would seem they have good workers.

Why should it shock you? We have many people in our government who are remarkably competent. I'd be happy to introduce you to some that I know personally. The FAA does not only have good workers but they have a safety first framework and have built a culture and procedures to support that. They also have the advantage of not being a political football for Congress to fight over. A good worker can be put into a system that doesn't work and chances are they will fail. Safety and reliability are NOT about competent people working hard. Those are important things but they will not get the job done unless you also have an organizational framework that supports them properly. The FAA has oversight over the entire process from certifying the airplanes before they even get built, to overseeing the ongoing maintenance and supply, to being able to force private companies to be grounded if they don't do what they are supposed to do when they are supposed to do it. They are able to get into all the corners of the industry that affect safety and they largely do a good job of ensuring that things are done properly like a regulator is suppose to.

Re:I respect the FAA

[k6mfw]

The FAA is the government's weapon of mass destruction that causes ongoing devastation to all of aviation, and excellent proof that we do not live in a free country.

I'd also put blame on TSA that makes boarding airlines miserable and they want to expand "security" into GA. Then you have local governments and officials trying to close down GA airports. Lots of examples of elected officials that tried to close Reid Hillview and Santa Monica along with huge following of general public ("why did they put that airport next to a shopping center?"). And there is big business itself expanding into open areas around airports squeezing out the private pilot. And consolidation of airlines of one company buying out others then nickel and diming over baggage, meals, etc. Note that GA and airline travel are two different classes of aviation. In some cases airline travel is expanding but overall GA is going down (I do wonder where future airline pilots will come from, as many got their start hanging out at GA airports which nowadays authorities will look at such lurkers as terrorists).

Re:I respect the FAA

[sjbe]

You've got to be kidding me. Nearly every instructor I've ever had offers different stories about the FAA.

So because a bunch of flight instructors don't like dealing with the FAA the organization isn't effective at ensuring airline safety? You can tell stories about stupid things that happen in ANY organization and the FAA is no different. Yeah, not everything the FAA does is perfect - news at 11. Of course the aviation industry has achieved a ridiculously impressive safety record and the FAA has been a huge part of that. Coincidence? Not remotely. Just because an organization does some silly stuff doesn't negate their actual accomplishments.

Hasn't anyone noticed the steady decline [airfactsjournal.com] in the number [haywardairportnoise.org] of licensed pilots over the last decade?

For general aviation sure. It's expensive, time consuming, and causes your insurance rates to go through the roof if you are a general aviation pilot. Owning and maintaining a plane is not a cheap hobby.

If you are a pro the pay for a newbie pilot is ridiculously low and that has nothing at all to do with the FAA. That's simply due to the fact that there is an excess supply of pilot so wages get pushed down. I have a cousin who became a airline pilot. Spent a ton of money getting trained and was making all of about $30K/year in salary to drive the bus in the sky. Gee, wonder why people wouldn't want to become a pilot if the wages are shit and the hours are long.

However, if you piss off the wrong FAA guy and he decides to ride you like a pony, you will go broke and enter bankruptcy trying to comply with the specific and individual demands he makes in the name of safety regarding your plane, or you will stop participating in aviation altogether.

So don't piss him off.

When they raise the standards for safety so high that pilots and airlines go broke as super expensive FAA certified mechanics throw away perfectly good parts from their planes, the FAA is clearly failing again.

Just because a part is functional and not yet broken does not mean it is inappropriate to take it out of service. I'm sure you can find examples of something silly done by some FAA employee but the fact remains that without them the safety record of the aviation industry would not be anywhere close to what it is today.

Oh and the airlines industry right now is reporting record profits. Airlines going broke? Only the badly run ones. They've finally figured out that having excess capacity is economically stupid and they've started charging ticket and other fees that are high enough to actually generate a profit. What a concept...

Re:The obvious solution

[grimmjeeper]

And you can guarantee that that fiber can't be tapped between the end points? Just because a network is isolated from the Internet doesn't mean it's completely secure.

News from the 1990's.....

[Lumpy]

Almost everyone that has seen the systems in place have know this for over 2 decades.

It's a mess, an unholy mess that they really need to dump a couple billion into to do a full upgrade and redesign. The whole ATC system is a giant ball of bandaids.

Re:News from the 1990's.....

[Overzeetop]

Given the results of the government's most recent attempt to build a working website, I'm not sure a complete system could be built for any price.

The sky is blue and water is wet.....

[DougOtto]

I wonder how much that study cost.

Re:That Die Hard movie is looking pretty accurate

[bobbied]

Perhaps, but the FAA did actually manage to control physical access to that terminal fairly well.

All in all, my quick skim though the report tells me that where the FAA does have issues with security (Mostly with, network security, management of users and patches) they don't do that badly given their large size. They have similar problems to just about everybody else that has systems of similar complexity and by my estimation do better than average on just about all aspects of security. Given the "mission critical" nature of what these systems do and how complex the total system is things need to be better, but IMHO they are doing a bang up job now keeping aircraft from bouncing off each other in the sky.

Re:The obvious solution

[bobbied]

And for the most part, this is what the FAA does, or historically has done. Only recently they have started to phase out the 40 year old system that pre-dated the internet and move to IP based communications.

Also, I don't agree with your approach of just stringing up your own infrastructure for communications. IP networks can be built with LOTS of redundancy and using a couple of internet connections and routing your traffic over them can add huge redundancy gains with low cost. I think the FAA needs an "all of the above" solution, where it provides secure and redundant communications over as many different paths as they can. Nail up direct links, backup links over the internet, throw some satellites up with data link capacity, and even use direct RF links. Just don't depend on any ONE link for mission critical communications... Of course all these links need to be secure, but there are secure ways to tunnel though public channels, you just have to use them.

The bigger issue...

[MagickalMyst]

is dealing with the malfeasance regarding 9/11.

Sure, these technical issues are very important and need to be addressed.

But all of these issues are moot if the diabolical, elite villains are still in power.

Even if the systems were patched and secure, they could still let another 9/11 happen if they choose to.

Re:The bigger issue...

[Obfuscant]

Even if the systems were patched and secure, they could still let another 9/11 happen if they choose to.

This is insightful? The FAA has no ability to stop another 9/11. They can't reach out from their radar facilities and stop a nut in a plane from flying into a building. They can issue instructions, but have no way of forcing them to be followed. The controllers who had the flights of 9/11 on radar didn't "let" it happen, they watched it unfold without a way of stopping it.

What DOES happen now is that anything that is deviating in a significant way from ATC instructions is handed to the Air Force for an intercept mission. The Air Force has the authority to shoot down threats, and they practice this mission on a regular basis. But actually doing that means shooting down a planeload of mostly innocent civilians -- an act that cannot be taken lightly.

Re:The obvious solution

[hey!]

I really don't see that as a the most vulnerable point. Not by a long shot. Tapping a digital fiber link wouldn't be like US submarines tapping Soviet analog telephone cables. The data on the link can be encrypted and authenticated at either end such that it's not really practical to modify or impersonate without the kind of assets in the organization that would make an inside job a lot simpler.

The real problem is human factors. Air-gapping sensitive systems is a sound idea in principle but in practice it often fails because it's too cumbersome for users who then undermine the system. And Stuxnet showed that it's possible for a sufficiently advanced opponent to target systems of the far side of an air gap.

So the problem is with the notion that separate parallel systems separated from the outside world are a "simple" solution. They're a potential solution, but if you want to have confidence in that solution there's a lot of work analyzing and policing the behavior of the people who use, maintain, and produce the equipment.

Re:The obvious solution

[grimmjeeper]

To take that a step further, attacking the people who have direct access to the network is harder. Instead, targeting the companies that supply the equipment is an easier vector. I may be wrong (and please correct me if I am) but wasn't Stuxnet infiltrated at the supplier of the computer equipment rather than by a successful compromising of an individual working directly on the system?

Re:The obvious solution

[Phreakiture]

And you can guarantee that that fiber can't be tapped between the end points? Just because a network is isolated from the Internet doesn't mean it's completely secure.

It won't be necessary to tap the fiber. Some moron will plug their smartphone in to their computer to charge it and that will be the end of the airgap.

Re:The obvious solution

[hey!]

How it was initially deployed is known only to its makers, but Stuxnet was designed to enter an isolated facility on a USB drive. Once on the LAN it would propagate to other computers, and potentially to other networks via an infected laptop, which is how it ended upon the Internet.

You can use your imagination as to how they got the USB into the target facility. It might have been as simple as dropping the USB stick in the parking lot of a vendor, but given the resources needed to create the worm itself you can't rule out some kind of black bag job or human asset.

Anyone Remember Chicago?

[freak0fnature]

I don't think we needed a report to know this. Last Octobers arson in Chicago was evidence that there are serious vulnerabilities with the FAA.

The Cybernet and ATC systems ..

[lippydude]

"Cyber-based threats to federal information systems such as those that FAA relies on for its ATC systems are evolving and growing .. Further, the growing interconnectivity among different types of information systems presents increasing opportunities for such attacks."

Just who in their right minds connect an Air Traffic Control system to the Cybernet?

Re:You don't see the problem

That "one" facility controls traffic through one of the largest hub cities in the country. For some of the major airlines, if you can't connect through chicago, you can't get to about 75% of the rest of the country. So, yea, there's an argument about that...you dolt.

True on water as well

[justthinkit]

True on water as well. The ship's pilot is absolute commander.

Re:True on water as well

[gstoddart]

Yarg! Now get 'yer booty to my cabin, and put on that frilly thing I be likin' so much.

Oh, evening captain. Mr. Jones, carry on as you were.

Re:True on water as well

[QQBoss]

On a ship, the captain and the pilot are two different roles and never the same person. It is the captain who has ultimate authority, the pilot is a person brought in on a case by case basis to help the captain navigate through local waters. Captains might travel the world, pilots stick to a particular stretch of water and have the local knowledge to advise the captain, usually as a requirement of maintaining insurance in case of accident. My grandfather was a ship's captain away from home almost 9 months a year, my uncle was a pilot on the Panama Canal and slept at home almost every night.

Re:True on water as well

[justthinkit]

One thing wrong, or at least muddled...

When the pilot comes on board, he becomes the Ace of Trumps. You know, "only one captain on a ship". What would be the point of a local expert coming on board if the non-expert captain was still in charge?

Maybe you are confusing general operation of the ship with the act of "driving it". No doubt while the pilot is aboard, the captain can still order a mate to swab a deck. But when it comes to "Since we're late can we speed up to make up time?" that is only the pilot's call. Who, of course, would not speed up.

Since we're playing the "my dad is better than your dad" game, it was one of my closest friends who was both a ship's captain (for decades) and a ship's pilot (for years more). Pilots make more, while doing less, so he retired at that position.

Re:The obvious solution

[grimmjeeper]

That's the trouble with very successful attacks that end up having unanticipated consequences. They leave behind enough evidence that the attack vector is now known and steps are taken to reduce vulnerability (to varying degrees of success). It works the first time but often not ever again, or at least not until people forget about it and get sloppy again.

Re:You don't see the problem

[k6mfw]

That "one" facility controls traffic through one of the largest hub cities in the country. For some of the major airlines, if you can't connect through chicago, you can't get to about 75% of the rest of the country. So, yea, there's an argument about that...you dolt.

Put fault on the airline, not FAA.