By Aimée Turner
The US Federal Aviation Administration has admitted that the nation’s air traffic control systems are vulnerable to cyber attack following a top-level probe into systems security.
The US transportation department’s Office of Inspector General has concluded that support systems were breached in recent months allowing hackers access to personnel records and network servers, with such breaches having the potential to compromise vital operational systems that control communications, surveillance and flight information used to separate aircraft.
Recent cyber attacks, including a February incident where hackers gained access to personal information on about 48,000 current and former FAA employees and an attack in 2008 when hackers took control of some FAA network servers, led auditors to judge that the FAA is not able to detect adequately potential cyber security attacks.
“In our opinion, unless effective action is taken quickly, it is likely to be a matter of when, not if, ATC [air traffic control] systems encounter attacks that do serious harm to ATC operations,” say the auditors who recommend urgent FAA action.
FAA officials say its support systems and traffic control networks are independent from each other: “We want to emphasise that the FAA’s air traffic organisation uses two types of major networks that are separated physically and logically.
“One provides mission support for administrative functions and the other is used to operate the air traffic system. It is not possible to use the administrative and mission support network to access the air traffic control network. That said, we concur with the inspector general’s recommendations and are working to correct any vulnerabilities.”