Aviation CIO stresses security needs
- By Randall Edwards
- Oct 16, 2003
Federal Aviation Administration
A good cybersecurity defense system has multiple layers, system monitoring and effective quarantining of network intrusions, the man in charge of the Federal Aviation Administration's information technology said today.
Comparing his system approach to the human body, FAA chief information officer Daniel Mehan outlined his views on a proper cybersecurity defense system this morning, while speaking to industry officials at an executive breakfast of National Business Promotions and Conferences Inc.
Mehan said a multiple-layered approach is necessary. However, he warned of the importance of efficiency and flexibility when dealing quickly with intrusions.
When infected by a virus, or other forms of intrusion, Mehan stressed the need for an adaptive quarantine. A key element of future cybersecurity systems is building break points where intrusions can by stopped and isolated.
Monitoring the system is crucial to cyberdefense, Mehan said. Agencies must know how to interpret data and receive real-time analysis, he said, adding that effective cybersecurity deals with intrusions on a real-time basis and maintains continuity of operations.
"I think we're much smarter than we were four years ago," Mehan said. "This is the way we're going to approach [cybersecurity], and we think it will help us think things through in the future."
Mehan predicted an increase in sophisticated intrusions in the future, and called for improved security engineering.
"We're moving [toward] situations that are much more instantaneous. We need multiple layers of protection, but we must have a certain nimbleness in dealing with intrusions," he said.
Stating that the agency's Computer Security Incident Response Center is the "heart of the cyberdefense system," Mehan stressed the need for an agencywide view of cyberdefense.
Mehan also stated that FAA projects, such the agency's Telecommunications Infrastructure program — a 15-year effort aimed at improving telecommunications at more than 5,000 FAA facilities nationwide — must fit together under the cybersecurity framework.
"There is room for a lot of roles," Mehan said. "The key is that they be integrated."