Review of Web Applications Security and Intrusion Detection in Air Traffic Control Systems [open pdf - 253KB]
This report presents the results of the audit done by the Department of Transportation, Office of the Inspector General regarding "web applications security and intrusion detection in air traffic control (ATC) systems. This audit was requested by the Ranking Minority members of the House Committee on Transportation and Infrastructure and its Aviation Subcommittee. Homeland Security Presidential Directive (HSPD)--7 designates air traffic control systems as part of the Nation's critical infrastructure due to the important role commercial aviation plays in fostering and sustaining the national economy and ensuring citizens' safety and mobility. Essentially, HSPD-7 requires the Secretary of Transportation to ensure that the ATC system is protected from both physical and cyber security threats to prevent disruptions in air travel and commerce. The need to protect ATC systems from cyber attacks requires enhanced attention because the Federal Aviation Administration (FAA) has increasingly turned toward the use of commercial software and Internet Protocol (IP)1-based technologies to modernize ATC systems. While use of commercial IP products, such as Web applications, has enabled FAA to efficiently collect and disseminate information to facilitate ATC services, it inevitably poses a higher security risk to ATC systems than when they were developed primarily with proprietary software." Recommendations regarding issues and areas of concern were made to the FAA. This document concludes with the actions that the FAA has taken to address those recommendations.
United States. Department of Transportation. Office of the Inspector General: http://www.oig.dot.gov/