Federal Aviation Administration computer systems remain vulnerable to cyber attacks despite improvements at a number of key radar facilities in the past year, according to a new U.S. government review.
The Department of Transportation's inspector general said while the FAA has taken steps to install more sophisticated systems to detect cyber intrusions in some air traffic control facilities, most sites have not been upgraded. And there is no timetable yet to complete the project, the IG said.
FAA spokeswoman Laura Brown said the agency is working on a timetable and will notify the IG with that information soon. The FAA also said that upgrades to critical air traffic control systems have taken precedence over the intrusion detection improvements at a number of facilities.
Without the detection abilities, the FAA cannot effectively monitor air traffic control for possible cyber attacks or take action to stop them, the inspector general said in a letter obtained by The Associated Press.
The findings echo broad U.S. government worries about gaps in critical U.S. computer systems and networks that leave them vulnerable to cyber attacks by criminals, terrorists or nation states.
U.S. networks are persistently probed and attacked by hackers and criminals looking to steal money or information, get access to classified documents or military technologies, or disrupt networks that control vital utilities and services.
Last year, a government audit found that air traffic control systems were vulnerable to cyber attacks, and that some support systems had been breached, allowing hackers access to personnel records and network servers.
The computer systems used to control air traffic are often in the same building as ones used for administrative functions, but they are not connected.
Cyber experts repeatedly warn, however, that in some cases software glitches and other gaps can be exploited by hackers to move between computer systems at critical infrastructure facilities.
In the report last year, the IG warned that although most of the attacks disrupted only support systems, they could spread to the operational systems that control communications, surveillance and flight information used to separate aircraft.
Since then, the FAA has taken a number of steps to shore up the vulnerabilities in its computer networks.
In a letter to FAA Administrator Randy Babbitt, two senior members of Congress said they are concerned about the vulnerabilities. Rep. John Mica, who is the ranking Republican on the House Transportation panel, and Rep. Thomas Petri, also a Republican, urged Babbitt in a letter last week to take any necessary steps to immediately address the security issue.
Mica and Petri requested the initial inspector general's investigation into the matter last year.