patching their systems to make them harder to hack.What ATC organizations should be doing is the same as all other organizations which are targets, for example: In the case of ATC an attacker could, with the right expertise and resources, penetrate and map out critical ATC computer infrastructure to the point where it could be widely disrupted.
#ACCESS ATC BROADBAND INTERNET SETTINGS PC#
Once the attacker owns the user's PC he/she can then sniff around the network and compromise other systems, again using vulnerabilities in operating systems and/or applications. The malware infects a user's computer using vulnerabilities in the operating system or installed applications and allows the attacker to access that computer in a way that the user cannot detect. An attacker could be a single person, a small group, or a large, state-sponsored hacking organization.Ī very common scenario is that an attacker infects users' personal computers by sending them malware (a virus, trojan horse, worm, etc) in an email, or emailing links to websites which have been compromised. Attackers go after protected targets by gaining a foothold on internet connected systems and using them as jumping off points to other systems. However, you don't have to have systems directly connected to the internet for them to be vulnerable to attack, in fact they don't have to be connected at all. I would not expect ATC systems to be directly accessible from the internet as that's a very bad idea, but I would not be surprised if it came to light that someone had been dumb enough to do it. I've been an information security consultant for more than a decade and every time I think I've seen it all I see new levels of foolishness.
You'd be surprised what's connected to the internet. However, I'm not aware of the security systems, though we can be sure that they do have some sort of encryption (If I'm correct, Lockheed Martin supplies the software) and have firewalls to protect the systems. So, the ATC does use internet, though this is mainly to transmit information. Such an interconnected worldwide system requires a standard platform, which will not be possible (or atleast very difficult to maintain) if a closed, proprietary platform is used. are now working all over the world within an industry where systems are connected across organisations, countries and continents. According to, which manages UK airspace, These new systems.will also employ digital and Internet-based computer-networking technologies, exposing the air traffic control (ATC) system to new cybersecurity risks.Īs to why the ATC is connected to the internet, it basically boils down to ease of operation. the shift to NextGen technologies will require FAA to replace its proprietary, relatively isolated ATC computer systems with information systems that interoperate and share data throughout FAA’s operations and those of its aviation partners. This increasing connection to the internet does increase the associated risks. Image from GAO report on Air Traffic Control New technologies will use an Internet Protocol (IP) based network to Nation’s ground-based ATC system into a system that uses satellite-īased navigation and other advanced technology. NextGen is a modernization effort begun in 2004 by FAA to transform the According to US Government Accountability Office,
FAA's NextGEN modernization involves a significant amount of information transmission over the internet. Behind the scenes there are almost always semi-direct connections through routers shared between the control system and business systems that can be exploitedĪctually, the use of internet for sharing of information is increasing.
when most managers say there is no connection to the Internet, they are unaware of maintenance connections. It is the behind scene connections, that are routed through the internet. Note that the ATC is not connected directly to the internet.
#ACCESS ATC BROADBAND INTERNET SETTINGS SOFTWARE#
Toward the use of commercial software and Internet Protocol (IP) -based Federal Aviation Administration (FAA) has increasingly turned According to Review of Web Applications Security and Intrusion Detection in Air Traffic Control Systems, Office of Inspector General, DoT, The Air Traffic Control system has a number of components, some of which transmit information over the internet. The Air Traffic Control system does transmit information over the internet.
0 kommentar(er)
