While the DOT has made some progress in its information security program, some systems remain vulnerable to significant security threats stemming from deficiencies in policies and procedures, enterprise-level controls, system controls and management of known security weaknesses, according to a recent audit report from the department’s office of the inspector general (IG). The IG made a number of recommendations.
The U.S. Department of Transportation’s Office of Inspector General (IG) issued a self-initiated report on Dec. 19, 2012, about the FAA’s en route automation modernization (Eram) program’s (flight) information security controls. Unfortunately, the IG did not make the report public online due to security requirements to protect the information crews might care about.
A recent report from the Government Accountability Office (GAO) asserts that certain FAA ATC systems are vulnerable to attack by “disgruntled current or former employees who are familiar with these (proprietary protection) features, nor will they keep out more sophisticated hackers.”