The nation's air traffic control system is vulnerable to cyber-attack. Shown: Air Traffic Controller, Robert Moreland, works in the airport control tower in Opa-locka, Fla. (Joe Raedle / Getty Images)
Several government agencies are partnering with commercial organizations, including airplane manufacturers, in a new information-sharing program designed to help thwart potential cyber attacks against the air traffic control system, according to Foreign Policy.
The program is being led by the Transportation Security Administration in conjunction with the office of the Director of National Intelligence and the National Counterterrorism Center. It will include the construction of an information-sharing and analysis center at a TSA facility near Ft. Meade, Md., where the National Security Agency and U.S. Cyber Command are headquartered.
Cyber-threat information-sharing initiatives have seen at least some success in recent years, including the defense industrial base (DIB) program that shares threat indicators and related data between major defense contractors and the Defense Department. The Homeland Security Department also has launched efforts to share cyber threat information between government and commercial entities in order to better protect critical infrastructure.
Warnings of cyber threats to the U.S. air traffic control system are not new. It was a point President Barack Obama made in a national cybersecurity address in 2009. Computer problems that hampered Federal Aviation Administration operations that same year raised serious questions about cyber vulnerabilities. Making matters worse, the antiquated air traffic control network is not set for replacement until the Next Generation Air Transportation System is completed in 2025.
In a December 2013 report outlining top challenges for 2014, the Transportation Department’s Office of the Inspector General criticized DOT for endangering transportation technology infrastructure by failing to update IT systems as federally required.
“Last year, we reported that the department improved its information security program by enhancing its cyber security policy and guidance and establishing a repository for software security baselines,” the DOT inspector general wrote. “However, DOT’s information systems still remained vulnerable to significant security threats and risks because the program did not meet key Office of Management and Budget (OMB) and Federal Information Security Management Act (FISMA) requirements to protect agency information and systems.”