FAA urged to step up computer security efforts
In the wake of a September report identifying security lapses in the computer system of the Federal Aviation Administration, the General Accounting Office Wednesday published official recommendations on how the agency might increase its security.
In its new report, "FAA Computer Security: Recommendations to Address Continuing Weaknesses" (GAO-01-171) GAO recommended that the Transportation Secretary direct the FAA to increase personal, physical, operational and information-systems security and to establish an intrusion-detection system. The GAO's advice was first made public at a September hearing convened by the House Science Committee.
"The FAA is making progress, but its computer security exposure is significant and pervasive, with a lot of work remaining," GAO wrote in September. It also found that the agency's biggest failure was in conducting adequate security background checks on senior staff and thousands of contractors who had been working on the agency's computer-security networks.
To address the problems, GAO has recommended that the FAA create a system to actively track when re-investigations of federal employees are due, move quickly to complete background searches of contract employees and evaluate critical systems worked on by foreign nationals in order to assess their vulnerability to unauthorized access.
GAO also advised the FAA to move quickly to assess computer facilities and correct any weaknesses. In operations, GAO said the FAA should move quickly to complete assessments of air-traffic control systems, implement and enforce security policy systems and implement new training courses in information-systems security.
GAO said the FAA should assess the effects of security breaches on all systems, and it should enhance existing contingency plans to address potential systems breaches. In addition, the FAA should increase efforts to establish a fully operational system to detect and analyze potential security incidences. Finally, it should ensure that security breaches are reported.
GAO's report and recommendations have been sent to Congress for their review. In September, FAA Administrator Jane Garvey had said the agency was taking prompt steps to implement many of the GAO recommendations.