Air Traffic Control: Weak Computer Security Practices Jeopardize Flight Safety, Report to the Committee on Governmental Affairs, U.S. Senate [open pdf - 76KB]
"Given the paramount importance of computer security of ATC systems, you asked us to determine whether FAA is effectively managing physical security at ATC facilities and systems security for its current operational systems, whether FAA is effectively managing systems security for future ATC modernization systems, and the effectiveness of FAA's management structure and implementation of policy for computer security. We issued a 'Limited Official Use' report to you detailing the results of our review on April 29, 1998. This unclassified version of that report summarizes the weaknesses we found in FAA's ATC computer security program and our recommendations for corrective actions. FAA is ineffective in all critical areas included in our computer security review-facilities physical security, operational systems information security, future systems modernization security, and management structure and policy implementation."
Government Accountability Office (GAO): http://www.gao.gov/