NextGen architects ponder security

 - August 2, 2010, 8:50 AM

Establishing stronger cyber security must become a top national imperative, according to industry and government cyber security specialists at a recent FAA/Air Traffic Control Association Technical Symposium in Atlantic City who described–in understandably guarded terms–the general approach certain government and industry organizations are taking.

Teenagers have routinely broken into highly protected computer systems at the DOD, NASA and CIA, not to mention even more ominous sounding places such as the U.S. Navy’s Air Warfare Weapons Center, the Los Alamos National Laboratory, and have reportedly even attempted to break into a South Korean nuclear facility.
Whenever such incidents become public, government mouthpieces immediately assure us that they posed no threat to national security. Largely, that’s probably true, since most teen hackers want to attack a high-profile target for the same reason  mountaineers climb Mount Everest: because it’s there.

But teen hackers hunting for new scalps were the least of the concerns of specialists at the symposium. Foreign political, industrial and criminal penetrations are infinitely more threatening, and are increasing in numbers–up 400 percent since 2006–and in technical skill and resourcefulness, with most originating in Russia and China. Disturbing, too, is that besides their predictable military, law enforcement-related and financial targets, there has been increasing penetration of key elements of the nation’s critical infrastructure, such as electricity-generating plants and transmission networks, nuclear power stations, communications of all types, ports, transportation centers and similar facilities, most of which have little or no protection against attacks by sophisticated and determined adversaries.

Importantly, however, the noncriminal penetrations don’t usually inflict damage; their prime purpose is to gather classified strategic information, but that information could be used against us to crippling effect in any future foreign confrontation. And to answer the obvious question, Patrick Miller of ICF International told symposium attendees that there is simply no silver bullet to ward off the ever changing forms of attack; 100-percent data protection is unachievable, and total security in the information age is just not feasible. Miller’s fellow panelists agreed, unanimously. It appears that espionage, both before and since the arrival of computers, remains a cat-and-mouse affair.

The challenge is complex, as a superbly protected government procurement department would daily deal electronically with hundreds of small suppliers who cannot afford similar levels of protection, thereby potentially providing “trapdoors” through which adversaries could enter.

Since 9/11, critical infrastructure protection has been the responsibility of the Department of Homeland Security, but the National Security Agency (NSA)–the government’s secretive, eavesdropping group–has taken over this task and had launched a major initiative with a $100 million contract to Raytheon for the initial phase of a much larger program to beef up government and industry cyber security.

Under the name of “Perfect Citizen,” the program will deploy sophisticated sensors in computer networks that would sound an alert when they detect unusual activities suggestive of a cyber attack. Some have expressed concern that such an Orwellian-named project could impinge on individual privacy, but a military official was quoted as stating that it would be no more intrusive than a traffic camera.
The FAA is working on an advanced cyber security protection system for NextGen and other areas. But there’s always a cynic in the crowd. During a symposium coffee break, one attendee suggested that a hacker entering the agency’s computer network today would quickly conclude “Move along; there’s nothing to see here.”