FAA Administrator Michael Huerta told Congress Tuesday his agency is implementing changes to ensure the nation's air traffic control system is protected against computer hackers. Huerta told a House panel "the system is safe," despite a Government Accountability Office report that found "significant security control weaknesses."
Rep. Peter DeFazio, D-Ore, one of the lawmakers who requested the GAO report, said at a House Transportation subcommittee hearing that he is concerned the system could be vulnerable to breach by terrorists. "We know there is an enduring interest in terrorist groups in aviation; they've used our aviation system as weapons. One can imagine they might be interested in hacking the system and perhaps could facilitate a midair collision."
The GAO report found the FAA has taken steps to protect air traffic control systems, but that weaknesses remain in, among other things:
- controlling, preventing, and detecting unauthorized access to computer resources
- identifying and authenticating users
- encrypting sensitive data
Huerta told the panel that "first and foremost, the system is safe." He said a significant number of the GAO report's recommendations have been "remediated already."
The air traffic control system is operated by more than 46,000 FAA personnel and handles as many as 2,850 flights in a given moment. The GAO report found the FAA has "not fully established an integrated, organization-wide approach to managing information security risk that is aligned with its mission."
Therefore, the report says, air traffic control systems are at "increased and unnecessary risk of unauthorized access, use or modification" that could disrupt air traffic control operations.
Most of the report's findings are classified.
Huerta said the FAA had previously established a cybersecurity steering committee and said he is "very actively focused" on the GAO's recommendations.
Transcript
RENEE MONTAGNE, HOST:
Hackers could disrupt the nation's air traffic control system, according to a government watchdog report. The head of the FAA says the system is safe. Here's NPR's Brian Naylor with more.
BRIAN NAYLOR, BYLINE: The Government Accountability Office found what it called significant security control weaknesses at the FAA. They include preventing and detecting unauthorized access to computers, authenticating users and encrypting sensitive data. Oregon Democrat Peter DeFazio, one of the lawmakers who requested the GAO report, says he's concerned the system could be vulnerable to a breach by terrorists.
(SOUNDBITE OF ARCHIVED RECORDING)
REPRESENTATIVE PETER DEFAZIO: We know there is an enduring interest in terrorist groups in aviation. They've used our aviation system as weapons. One can imagine, you know, they might be interested in hacking the system and perhaps could facilitate a midair collision.
NAYLOR: FAA Administrator Michael Huerta told DeFazio and other lawmakers on a House transportation subcommittee that his agency is already making changes to ensure the air traffic control system is protected from hackers.
(SOUNDBITE OF ARCHIVED RECORDING)
MICHAEL HUERTA: First and foremost, the system is safe. GAO acknowledged in their report that the agency has made significant progress in identifying the issues they talked about. And of the many recommendations, many have already been mitigated, and we're working closely with them to continue to focus on them.
NAYLOR: More than 46,000 FAA personnel operate the air traffic control system, which handles nearly 3,000 flights in a given moment. The GAO report found the FAA has not fully established an integrated, organization-wide approach to managing information security risk. Most of the report's findings are classified. Huerta says the FAA has established a cybersecurity steering committee and that he's very actively focused on the GAO's recommendations. Brian Naylor, NPR News, Washington. Transcript provided by NPR, Copyright NPR.
300x250 Ad
300x250 Ad