FAA flying blind with IT systems?

The Federal Aviation Administration seemingly was the last to know about weaknesses in its computer systems and personnel clearances, making the air traffic control system vulnerable to hacking.

Even after the General Accounting Office notified the FAA and recommended specific actions, the agency did not fix its problems with conducting background checks of information technology contractors and securing systems in a timely fashion, Joel Willemssen, director of civil agencies information systems at GAO, told the House Science Committee Wednesday.

GAO informed the FAA in December 1999 that the FAA had failed to conduct background checks on contractors hired to remediate mission-critical systems for the Year 2000 rollover, FAA Administrator Jane Garvey said in response to questions about her knowledge of the "serious and pervasive" problems addressed in GAO's review of the agency's computer systems.

After 10 months of review by GAO, the FAA still did not follow its own security rules for contractor employees hired to conduct penetration testing and vulnerability assessments of its systems, which provide air traffic control services for the country. The air traffic control system helped transport 670 million people last year, Garvey said.

"It should not require a congressional hearing for a federal agency to realize that it needs to abide by its own security requirements. Unfortunately, with FAA, that seems to be the case," House Science Committee Chairman F. James Sensenbrenner Jr. (R-Wis.) said in his opening statement at the hearing, "Computer Security Lapses: Should FAA be Grounded?"

Garvey said FAA chief information officer Daniel Mehan is responsible for making sure the agency's systems are audited and that all background checks of contractors are conducted with the Office of Personnel Management by March.

Garvey said she is approaching computer security with the same vigor as the Year 2000 problem, but unlike the millennium bug, computer security will never be complete and is a larger problem.

"More needs to be done to establish the specific procedures and enforce their importance through awareness and training," Willemssen said.
