According to report of the FAA (Federal Aviation Administration), an audit of the Web applications connected to air-traffic control networks in U.S. found hundreds of critical vulnerabilities in the software and documented dozens of cyber incidents that continue to be unresolved. During the investigation, auditors found 763 high-risk security issues in the Web servers set up to deliver information to the public and to FAA employees. The investigation also discovered more than 3,000 other vulnerabilities including incorrectly configured Web applications and software with known security issues that were not regularly patched .The security vulnerabilities could be used to get access to information stored on the Web application computers, allow FAA users to gain unauthorized access to traffic control computers, and allow attackers to compromise the computers of users. The auditors also found that more than 800 cyber incident alerts were issued to the ATO (Air Traffic Organization) in 2008, but at the end of the year, 150 incidents remained unresolved. Over the past decade, federal agencies have only slowly improved their compliance with the FISMA (Federal Information Systems Management Act), which mandates better computer security for government systems. In the last three years, the FAA has had several serious cyber incidents, including the theft of 48,000 employee records. In a separate incident in 2008, hackers compromised the FAA's domain controllers and could have disrupted the ATC (Air Traffic Control) network, the auditors stated. The Obama administration has pledged to improve the security of U.S. government systems and is currently prepping a review of the previous administrations policy. More information could be read on SecurityFocus web site.
