FAA dealing with 'bad scenarios'

The Federal Aviation Administration is moving forward with a pair of information technology security initiatives that were set in motion long before Tuesday's terrorist attacks, according to the agency's chief scientist for IT.

Marshall Potter, technical adviser and chief scientist for IT at the FAA's Office of Information Services, said Version 2.0 of the FAA's Information System Security Architecture will cover all of the agency's IT assets, as opposed to older versions that only covered the National Airspace System (NAS).

"As of now, it will be released internally to the FAA on Oct. 1," Potter told FCW at the 21st Century Commerce International Expo in Phoenix Sept. 11. He said that work had been under way since January to come up with "bad scenarios" and how the FAA would deal with them from an IT perspective, but he said, "I expect no one would have given very much credence to the actions of today."

Potter also said Version 1.0 of the NAS Protection Profile template would be ready for internal review early in the first quarter of the upcoming fiscal year.

Protection profiles are used to determine requirements and to validate commercial off-the-shelf products for use by the FAA and other organizations. "But those are at the product level, and we're putting it at the system level where there could be 40, 50 or 100 different components," Potter said.

The FAA currently has Version 0.9, and although the template is solely designed for NAS, the agency's Next Generation Communications office is already using it, Potter said, adding that Version 1.0 will be made available agencywide for review.

The FAA, the National Information Assurance Partnership and other partners are developing the template.