FAA security office opens for business

The hundreds of facilities and the thousands of systems and personnel at

the Federal Aviation Administration can look like Mount Everest to someone

in charge of information security.

That's why the director of a new office to tackle information security

at the FAA is applying a systematic approach at the place where everything

comes together: each facility in the national airspace system.

By examining physical and personnel barriers, nationally deployed computer

systems and locally unique computer systems at each air traffic management

facility, Raymond Long hopes to plug the holes in the FAA's network that

may be at risk of intrusion.

In May, the FAA created the Office of Information Systems Security and

called upon Long, the former director of the FAA's Year 2000 Office, to

head the new office. Long is expected to apply experiences and lessons learned

during the Year 2000 effort to the security issue at FAA.

"This job is 10 times the magnitude of what Y2K [could ever be]," Long

said. "Y2K had a deadline, and the problem was well known. This one never

ends, and we have to create new technology to solve the problems."

The older mainframe systems used by the FAA have kept the critical data

used to control air traffic isolated from external systems. But the introduction

of new decentralized systems to modernize and automate air traffic management

also opens the agency's facilities to a greater risk of attack, Long said.

Long said he sees the information security initiative as primarily an

awareness effort to get agency workers focused on the issue. But the office

also has a systematic approach to certifying its systems as hacker-proof.

FAA chief information officer Daniel Mehan created the office in response

to Presidential Decision Directive 63, which was signed in May 1998. The

directive requires all federal agencies to develop plans and take steps

to protect their critical infrastructure.

Creating a central office is crucial in providing the big picture of

security across the agency, said Jean Boltz, a security expert at the General

Accounting Office. "Also, [the offices] can serve as a conduit to senior

management, a central focus point for issues like incident handling," she


The FAA office has a budget for fiscal 2000 of $42.5 million and has

requested $87.3 million for 2001. Long said he expects another significant

increase for 2002.

A report by GAO in December 1999 found that the FAA's insufficient management

support, insufficient user training, and inadequate policy enforcement led

to its failure to comply with internal personnel security policies.

Added information system security isn't something that has proven to

be a necessity yet, but it is "better to be safe than sorry," said Randy

Schwitz, executive vice president of the National Air Traffic Controllers


A priority should be the host computer system, which is at the heart

of all en-route air traffic operations as well as personnel systems, Schwitz


—Diane Frank contributed to this article.


  • Acquisition
    Shutterstock ID 169474442 By Maxx-Studio

    The growing importance of GWACs

    One of the government's most popular methods for buying emerging technologies and critical IT services faces significant challenges in an ever-changing marketplace

  • Workforce
    Shutterstock image 1658927440 By Deliris masks in office coronavirus covid19

    White House orders federal contractors vaccinated by Dec. 8

    New COVID-19 guidance directs federal contractors and subcontractors to make sure their employees are vaccinated — the latest in a series of new vaccine requirements the White House has been rolling out in recent weeks.

Stay Connected