FAA Administrator Michael Huerta told Congress Tuesday his agency is implementing changes to ensure the nation's air traffic control system is protected against computer hackers. Huerta told a House panel "the system is safe," despite a Government Accountability Office report that found "significant security control weaknesses."
Rep. Peter DeFazio, D-Ore, one of the lawmakers who requested the GAO report, said at a House Transportation subcommittee hearing that he is concerned the system could be vulnerable to breach by terrorists. "We know there is an enduring interest in terrorist groups in aviation; they've used our aviation system as weapons. One can imagine they might be interested in hacking the system and perhaps could facilitate a midair collision."
The GAO report found the FAA has taken steps to protect air traffic control systems, but that weaknesses remain in, among other things:
- controlling, preventing, and detecting unauthorized access to computer resources
- identifying and authenticating users
- encrypting sensitive data
Huerta told the panel that "first and foremost, the system is safe." He said a significant number of the GAO report's recommendations have been "remediated already."
The air traffic control system is operated by more than 46,000 FAA personnel and handles as many as 2,850 flights in a given moment. The GAO report found the FAA has "not fully established an integrated, organization-wide approach to managing information security risk that is aligned with its mission."
Therefore, the report says, air traffic control systems are at "increased and unnecessary risk of unauthorized access, use or modification" that could disrupt air traffic control operations.
Most of the report's findings are classified.
Huerta said the FAA had previously established a cybersecurity steering committee and said he is "very actively focused" on the GAO's recommendations.