DOT IG: ATC System Vulnerable to Cyber Attacks

Web applications used in supporting FAA air traffic control systems are not properly secured to prevent attacks or unauthorized access, warns a report released yesterday by the DOT Inspector General. The need to protect ATC systems from cyber attacks requires enhanced attention because the FAA has increasingly turned toward the use of commercial software and Internet Protocol (IP)-based technologies to modernize ATC systems, according to the OIG. “While use of commercial IP products, such as Web applications, has enabled the FAA to efficiently collect and disseminate information to facilitate ATC services, it inevitably poses a higher security risk to ATC systems than when they were developed, primarily with proprietary software,” the OIG said. “Now, attackers can take advantage of software vulnerabilities in commercial IP products to exploit ATC systems, which is especially worrisome at a time when the nation is facing increased threats from sophisticated nation-state-sponsored cyber attacks.”