FAA hacked but no threat to air safety
It’s rare that you hear about hackers stealing personal data about 45,000 people and think things could have been worse. But about the only thing keeping spirits up in the Federal Aviation Authority’s IT department this week will be that air traffic control wasn’t hit.
Hackers were able to get access to a server containing 48 files. While most were innocuous, two contained personal data. Fortunately one containing medical data was encrypted, but the other contained unencrypted names and social security numbers for everyone who was either on the FAA payroll or receiving retiree benefits from the agency as of February 2006.
While the data loss itself is clearly the major issue, it’s particularly poor timing for the FAA’s public relations. The new series of 24 is running a storyline in which all government computers are covered by a single firewall which terrorists have now breached, allowing them to divert planes at will. While this is clearly utterly ludicrous, chances are a lot of less tech-savvy viewers will have been thinking about the subject of computer security recently, making news of an FAA security lapse even more unfortunate.
Indeed, the FAA’s media handling of the story was far from perfect. The Associated Press, one of the leading sources for newspapers and Web sites worldwide, heard of the breach from a union leader and had already published the story before the FAA issued a full statement.
To their credit, the other facets of the FAA response have been as good as can be expected once you get past the breach happening in the first place. The agency is writing to all affected staff members, updating company message boards, and has notified both law enforcement and those Congressional committees which oversee the agency.
Back in 2005 the agency installed a system to monitor and detect any security threats on its networks. At the time it said the sheer complexity of its system produced a million alerts a day, though only 15 to 20 of those were important enough to warrant further investigation.
Related Posts:
