Report: Air traffic control system vulnerable to cyberattack

An Airbus A380 plane performs at the Airshow China 2014.

Washington (CNN)Problems with the Federal Aviation Administration's cybersecurity is "threatening the agency's ability to ensure the safe and uninterrupted operation of the national airspace system," a new Government Accountability Office report out Monday found.

The 42-page document "Information Security: FAA Needs to Address Weaknesses in Air Traffic Control Systems" concludes the agency has taken steps to decrease vulnerabilities, but did not fully address problems including those which could make critical computer systems vulnerable to hackers.
"These include weaknesses in controls intended to prevent, limit, and detect unauthorized access to computer resources, such as controls for protecting system boundaries, identifying and authenticating users, authorizing users to access systems, encrypting sensitive data, and auditing and monitoring activity on FAA's systems," the GAO authors wrote.
The agency's information security systems and procedures did not meet the requirements of a 2002 law, and its information security strategic plan had not been updated since 2010, the auditors found.
    "These shortcomings put (national airspace) systems at increased and unnecessary risk of unauthorized access, use, or modification that could disrupt air traffic control operations," the report says.
    The GAO's 17 public recommendations include increasing training, do a better job of identifying and fixing problems, strengthening protocols for access control, increasing organizational planning, and keep better records to allow monitoring data traffic to detect unauthorized access.
    A separate document, which details specific security problems and identifies 168 actions that should be taken, will not be made public.
    The FAA agreed with the GAO's recommendations in a two page letter included in the document and highlighted their efforts to increase cyber security.
    "The Agency is fully cognizant of the vital requirement to secure the National Airspace System cyber environment as part of the nation's critical infrastructure," Keith Washington, the Acting Assistant Secretary for Administration wrote.