UPDATE - FAA Still Hasn't Plugged Computer Security Holes - Report

greenspun.com : LUSENET : Grassroots Information Coordination Center (GICC) : One Thread

[Fair Use: For Educational and Research Purposes Only]

FAA Still Hasn't Plugged Computer Security Holes - Report

By David McGuire, Newsbytes WASHINGTON, D.C., U.S.A., 13 Jun 2000, 4:49 PM CST

In recent years, thousands of outside contractors, many of them foreign nationals, have been allowed access to the Federal Aviation Administration's critical computer systems without having to undergo background checks, a government report released today said.

While the report concludes that the FAA is taking steps to address the gaping security hole, the agency is saddled with a backlog of security checks that it doesn't expect to complete for several months.

Requested by Science Committee Chairman James Sensenbrenner, R-Wis., and ranking Democrat Ralph Hall, D-Texas, the General Accounting Office report on FAA computer security outlines a history of lax personnel practices at the agency, particularly in the area of outside contractors.

"Our air traffic control system now is unacceptably susceptible to computer tampering due to the FAA's breakdown in computer security procedures," Sensenbrenner said in a statement today. The lapses are particularly galling " because this committee and others have repeatedly stressed to the FAA the threat cyber-terrorism presents to our air traffic control system," he added.

The first indication that the FAA was not adhering to strict security practices came last year when the agency completed its Y2K remediation efforts in a surprisingly short period, Science Committee staffer Jeff Lungren said today.

When the Science Committee asked the FAA if it had performed security checks on all of the Y2K contractors hired to fix the agency's air traffic control and other systems, the FAA revealed that it did not have a system in place for performing such checks.

In December, the GAO released a report on the gaffe, which was followed by more questions about the FAA's overall dealings with outside contractors.

In response to the December report, the FAA beefed up its personnel security practices, announcing its intention to perform "compliance audits" in July of this year. Still, today's report recommends that the FAA be more aggressive in training its employees on security protocols.

The report also suggests that the FAA develop a "quality assurance process" to oversee its personnel security activities.

"We acknowledge the report, we agree with the recommendations and already we've taken steps to implement some of the suggestions that the GAO offered," FAA spokesperson Tammy Jones said today.

The Science Committee had intended to hold a hearing on the FAA's computer security practices on Wednesday, but a scheduling problem caused them to postpone, Lungren said.

A copy of the GAO report can be downloaded at http://www.gao.gov/cgi-bin/getrpt?AIMD-00-169 .

Reported by Newsbytes.com, http://www.newsbytes.com .

16:49 CST

(20000613/WIRES TOP, ONLINE, LEGAL, BUSINESS http://www.newsbytes.com/pubNews/00/150560.html

=====================

-- (Dee360Degree@aol.com), June 13, 2000


Moderation questions? read the FAQ