Friday, October 15, 2004

Report: FAA Cybersecurity Sucks

Raise your hand if this surprises you. is running an article entitled U.S. Air Traffic Control Found Vulnerable. Some of the key points:

  1. The FAA certifies the security of computers systems as tested by their lab, not as deployed in the field.
  2. Vulnerability assessment is performed only on servers, leaving "tens of thousands" of vulnerable targets
  3. The FAA's IT security sucks

Ok, you probably guessed that I added that last item myself, but it's a pretty accurate summary of the article.

No comments: