WASHINGTON (Reuters) - Major security vulnerabilities in the Federal Aviation Administration’s information systems are putting air traffic control programs, along with plane passengers, at risk, two U.S. senators said in a letter to the transportation secretary on Monday.
“These vulnerabilities have potential to compromise the safety and efficiency of the national airspace system, which the traveling public relies on each and every day,” Senator Bill Nelson, a Florida Democrat, and Senator John Thune, a South Dakota Republican, wrote to Transportation Secretary Anthony Foxx.
In a separate statement, Nelson said a hacker could cause “delays, near misses or potentially even a disaster.”
Foxx will testify on Tuesday before the Senate Transportation Committee, which Thune chairs.
The letter was prompted by a January report from the Government Accountability Office that warned that major weaknesses in the agency’s information systems put “the safe and uninterrupted operation of the nation’s air traffic control system at increased and unnecessary risk.”
The FAA has weak controls “intended to prevent, limit, and detect unauthorized access to computer resources” and also has a limited ability “to detect and respond to security incidents affecting its mission-critical systems,” according to the GAO, an independent, non-partisan organization that audits federal programs and agencies.
The GAO also found the FAA had not tested plans for restoring system operations in the event of a disruption or disaster.
In their letter, which was also sent to the head of the FAA, Thune and Nelson demanded a full accounting of the status of the 17 recommendations the GAO made for strengthening cyber-security, which included more training, better analysis of network traffic and detection of anomalies, and stronger network sensors.
Reporting by Lisa Lambert; Editing by Peter Cooney