FAA to block wireless activity near agency networks
- By Aliya Sternstein
- Dec 28, 2006
Information Security: Federal Agencies Need to Improve Controls over Wireless Networks (.pdf)
The Federal Aviation Administration has signed a contract to install a nationwide wireless intrusion-detection system at air traffic control centers, FAA training centers and the organization’s headquarters, according to FAA officials.
The installation is designed to keep out hackers and other unauthorized users who try setting up a rogue wireless access point to gain entry into an FAA local-area network at one of the agency’s facilities, said Jeffrey Widom, owner of Simplex Data Solutions, the company that will conduct site surveys and install intrusion-detection sensors. Simplex is a service-disabled veteran-owned small business based in Leesburg, Va.
“This is pre-emptive. It’s proactive,” he said. “I’m also writing all the security paperwork. I’m going to make sure this gets reported properly to the Office of Management and Budget.”
Without such security, outsiders could potentially access the FAA’s proprietary information, Widom added.
A May 2005 Government Accountability Office report, "Information Security: Federal Agencies Need to Improve Controls over Wireless Networks," prompted FAA officials to draft an internal order about wireless activity, said John Benson, deputy director at the FAA Office of the Assistant Administrator for Information Services and Chief Information Officer. He is also a veteran of the U.S. Coast Guard.
Security tests on wireless networks at six federal agencies revealed unauthorized wireless activity and wireless signals broadcasting beyond the perimeter of the building, the GAO report states.
While crafting the order, FAA officials decided the agency needed continuous monitoring capability, Benson said.
The FAA does not currently have an enterprise wireless system at its facilities, he said. This security system will block all rogue wireless access points that are maliciously connected to the FAA’s network at FAA facilities. About 30 FAA centers are connected to the network.
The networks carry administrative data, such as payroll, personnel information and FAA financial figures, according to FAA officials. Air travel data flows over a separate network, so a cyberattack on the network would not affect air travel, Benson said.
The system will allow FAA officials in the Washington, D.C., area to centrally monitor the airwaves and receive alerts from FAA facilities nationwide, he added. Monitoring at select locations could begin in late January 2007. The system is expected to be fully operational by the fall of 2008.
The one-year base contract with one-year optional follow-on is worth about $900,000, Benson said.
Simplex will be installing several hundred passive wireless sensors manufactured by Atlanta-based AirDefense. The FAA is one of more than 50 federal agencies, including the Defense Department, that use AirDefense’s intrusion-prevention products.
“The threat from wireless devices happens whether…you have wireless deployed or not,” said Amit Sinha, chief technology officer at AirDefense. “You can have a simple Linksys access point that bypasses firewalls and provides a backdoor entry into your private network.”