The U.S. air traffic control system does not have sufficient security measures in place to protect it from hackers who might seek to disrupt flight routes, federal investigators said in a report released Monday.
The probe by the Government Accountability Office (GAO) found that federal aviation regulators have undertaken some precautions on cybersecurity, but that “significant security control weaknesses remain” without an agency-wide strategy on cyber defense.
“Until the [Federal Aviation Administration] effectively implements security controls … the weaknesses GAO identified are likely to continue, placing the safe and uninterrupted operation of the nation’s air traffic control system at increased and unnecessary risk,” the report stated.
Officials across the government are grappling with the threat from hackers bent on breaking into computer networks and tampering with or stealing sensitive data.
Government agencies regularly combat thousands of hacking attempts from around the world. The pressure from would-be cyber criminals has started to highlight weaknesses in federal computer systems that went unnoticed in prior years.
The GAO criticized the FAA for a failure to consistently adopt good cybersecurity practices, including the need to properly authorize and authenticate users, encrypt sensitive data, note changes in network devices and test security controls.
The agency’s ability to detect hacking incidents, its training of security personnel and its rate of addressing identified weaknesses quickly were not always up to par, investigators found.
In a written response reported by the Washington Post, FAA acting assistant secretary Keith Washington acknowledged the GAO recommendations and said the FAA already completed six “major milestones” to improve cybersecurity.
Reports by the GAO — Congress’s investigative arm — often move lawmakers to introduce legislation, hold hearings or press agency chiefs for changes.
Sen. Bill Nelson (D-Fla.), who requested the investigation, expressed “alarm” at the findings during an interview with CNN. His office announced that he is sending a letter to the FAA to press for more details on how it will fix vulnerabilities.