Author Topic: Air traffic control systems hackable, GAO warns  (Read 12529 times)

Offline Neil

  • Jr. Member
  • **
  • Posts: 66
Air traffic control systems hackable, GAO warns
« on: September 27, 2005, 07:41:56 PM »
WASHINGTON - High-tech networks that link key parts of the U.S. air traffic control system lack important controls and are potentially vulnerable to hackers and others familiar with how those computer programs work, congressional investigators concluded Monday.

The Government Accountability Office (GAO) said in an update to a 2000 report that the Federal Aviation Administration has made progress in protecting information technology systems and noted the agency's contention that its interconnected networks are secure.

Greg Martin, an FAA spokesman, said separately the investigation was too narrowly focused and the agency has adequate controls in place nationwide.


"They are very secure systems," Martin said. "There is a lot that the (report) failed to take into account."

Martin said any vulnerabilities are countered by several redundancies and other controls built throughout the information-technology architecture.

But the GAO, the investigative arm of Congress, nevertheless disclosed a series of gaps that include outdated security plans, inadequate awareness training, and questions about whether the FAA could detect intruders and keep the system up during a security breach.

"The agency has not adequately managed its networks, software updates, user accounts and passwords and user privileges," the GAO found.

Other information security controls — including physical security and background investigations — also have shortcomings that are not mitigated by special operating systems and custom software.

"The proprietary features of these systems cannot fully protect them from attacks by disgruntled current or former employees who are familiar with these features nor will they keep out more sophisticated hackers," the GAO said.

These networks help provide flight tracking and other information to air traffic controllers and flight crews. They serve hundreds of airport towers, approach control centers and facilities for handling high-altitude traffic.

"Interruptions of service by these systems could have a significant impact on air traffic nationwide," the GAO concluded.

The nation's air traffic system handled more than 46 million flights in 2004. More than 640 million people flew on commercial planes. At any one time, as many as 7,000 aircraft could be in the air.

The GAO review was conducted at FAA headquarters and three other sites.



Offline tyketto

  • Hero Member
  • *****
  • Posts: 1138
Air traffic control systems hackable, GAO warns
« Reply #1 on: September 27, 2005, 08:06:08 PM »
I seriously doubt this.

according to http://www.linuxjournal.com/article/7066, ARTS was ported to Linux from a combination of LynxOS and Windows NT, roughly 2 years ago. I'd love to find out what OS GAO thinks they're running.

BL.

Offline sam_nz

  • Newbie
  • *
  • Posts: 10
Air traffic control systems hackable, GAO warns
« Reply #2 on: September 28, 2005, 01:16:40 AM »
*If* true, it can now be filed in the "non intelligent" reporting file.  There's nothing like telling hackers there's a system they haven't had a go at yet.

Offline Jonathan_tcu

  • Full Member
  • ***
  • Posts: 241
Air traffic control systems hackable, GAO warns
« Reply #3 on: September 30, 2005, 10:20:26 PM »
I highly doubt this.  From what others have been telling me, a user must log into the ATC network.  How can someone interrupt that? What about ham radio operators? Could they not intercept the ATC freq's? If I did, I wouldn't.

Offline dave

  • Site Founder
  • Administrator
  • Hero Member
  • *****
  • Posts: 4597
    • LiveATC.net
Air traffic control systems hackable, GAO warns
« Reply #4 on: October 01, 2005, 08:04:38 AM »
Quote from: Jonathan_tcu
I highly doubt this.  From what others have been telling me, a user must log into the ATC network.  How can someone interrupt that? What about ham radio operators? Could they not intercept the ATC freq's? If I did, I wouldn't.


Users must log into routers, computers, and other appliances.  And they all get hacked by the hour.  Be careful about who you believe.  I've worked in the field for a long time, and I see this stuff daily.  Some of it would make your hair stand up straight.

And as far as jamming frequencies, that has nothing to do with ham radio operators.  No widely available ham gear transmits on the aircraft band, except for the Yaesu aviation handheld, which also has the 144 MHz ham band.  Most ATC facilities have backup communication sites to protect against jamming.  And with modern direction-finding equipment, a jammer can be located in *very* short order.  I do remember one arrest for this a few years or many years ago.  I pity the person who would ever try it again.

Dave

Offline Jonathan_tcu

  • Full Member
  • ***
  • Posts: 241
Air traffic control systems hackable, GAO warns
« Reply #5 on: October 01, 2005, 08:41:08 PM »
So that probably explains the reason why you can contact a frequency say on Toronto center 128.3 and a higher freq would be 228.6 or something.  I would not hack into any ATC myself.   The more the better, right?

Offline Jason

  • Hero Member
  • *****
  • Posts: 1260
  • CFI/CFII
Air traffic control systems hackable, GAO warns
« Reply #6 on: October 01, 2005, 08:49:06 PM »
Quote from: Jonathan_tcu
So that probably explains the reason why you can contact a frequency say on Toronto center 128.3 and a higher freq would be 228.6 or something.  I would not hack into any ATC myself.   The more the better, right?


I don't believe so...That is just the two frequencies; one is VHF the other UHF.  UHF is commonly in Military aircraft and allows them to contact ATC on the UHF frequency.  I believe the UHF band begins at 300 MHz

Offline davolijj

  • Hero Member
  • *****
  • Posts: 559
  • MMAC ARSR OKC
Air traffic control systems hackable, GAO warns
« Reply #7 on: October 01, 2005, 09:08:03 PM »
Quote from: HPNPilot1200

 I believe the UHF band begins at 300 MHz


Actually that's a common misconception.  I'm not sure exactly where it begins but I believe it's 225MHz.  UHF guard frequency is 121.5 + 121.5 = 243.0.  I know of several other frequently used UHF frequencies in the 200 MHz range as well.

Offline Jason

  • Hero Member
  • *****
  • Posts: 1260
  • CFI/CFII
Air traffic control systems hackable, GAO warns
« Reply #8 on: October 01, 2005, 09:20:51 PM »
Quote from: davolijj
Quote from: HPNPilot1200

 I believe the UHF band begins at 300 MHz


Actually that's a common misconception.  I'm not sure exactly where it begins but I believe it's 225MHz.  UHF guard frequency is 121.5 + 121.5 = 243.0.  I know of several other frequently used UHF frequencies in the 200 MHz range as well.


Hey!  Me too!  Why did I post 300 MHz?  I guess the radio spectrum I picked up was wrong.  Dang internet...

Offline Jonathan_tcu

  • Full Member
  • ***
  • Posts: 241
ON guard
« Reply #9 on: October 01, 2005, 09:23:08 PM »
This brings up another simple question.  When I hear controllers say "On guard" and they call the aircraft's call sign, does that mean the frequencies are coupled to both the main freq and the ELT freq 121.5?

Offline davolijj

  • Hero Member
  • *****
  • Posts: 559
  • MMAC ARSR OKC
Re: ON guard
« Reply #10 on: October 01, 2005, 09:52:17 PM »
Quote from: Jonathan_tcu
This brings up another simple question.  When I hear controllers say "On guard" and they call the aircraft's call sign, does that mean the frequencies are coupled to both the main freq and the ELT freq 121.5?


yes...and 243.0.  By the way, when I googled UHF frequency range I found a page that said UHF is from 300MHz to 3GHz.  Apparently the Internet is not as reliable as one would hope. :roll:

Offline elmarko

  • Newbie
  • *
  • Posts: 3
Air traffic control systems hackable, GAO warns
« Reply #11 on: October 09, 2005, 07:48:48 PM »
Actually, officially, UHF is from 300mhz... thats how it's known in radiocomms.
VHF is 30-300.
HF is 3-30

Just because the military covers both VHF and UHF in that band, doesnt mean you can call 220mhz UHF. It just happens to straddle both sections.

Offline Jason

  • Hero Member
  • *****
  • Posts: 1260
  • CFI/CFII
Air traffic control systems hackable, GAO warns
« Reply #12 on: October 09, 2005, 07:52:25 PM »
Quote from: elmarko
Actually, officially, UHF is from 300mhz... thats how it's known in radiocomms.
VHF is 30-300.
HF is 3-30

Just because the military covers both VHF and UHF in that band, doesnt mean you can call 220mhz UHF. It just happens to straddle both sections.


Thanks for the clarification elmarko!  :D

Offline elmarko

  • Newbie
  • *
  • Posts: 3
Air traffic control systems hackable, GAO warns
« Reply #13 on: October 10, 2005, 08:49:26 AM »
Quote from: HPNPilot1200
Quote from: elmarko
Actually, officially, UHF is from 300mhz... thats how it's known in radiocomms.
VHF is 30-300.
HF is 3-30

Just because the military covers both VHF and UHF in that band, doesnt mean you can call 220mhz UHF. It just happens to straddle both sections.


Thanks for the clarification elmarko!  :D


No problem :)

Just to clarify what was a very fast and hurried post:

Unofficially, it's known as the UHF airband, but technically, those boundaries in terms of whether the waves are high, very high, ultra high, super high (and so on) are rigidly defined by the physicists and radio spectrum bodies that decided on them. So when you say "UHF airband" it's more an informal name than a hard and fast statement about the signal.

And to put the boundaries into perspective again, in order this time:

HF: 3-30MHz
VHF: 30-300MHz
UHF: 300-3000MHz (3GHz)
SHF: 3GHz-30GHz

It's all based on 3s because the speed of light, c, is around 300 million metres per second.