- The Washington Times - Thursday, September 28, 2000

The Federal Aviation Administration still must complete more than 1,000 background checks on contractors who work on the agency's computers, according to a new report on the FAA's progress toward improving computer security.

The FAA also must improve security on many computers because they are vulnerable to attack from hackers outside the agency and employees and contractors within the agency, the Transportation Department's inspector general said yesterday at a House Science Committee hearing.

"This egregious oversight … has increased the risk of intrusion and attack to our nation's aviation-control system," said Rep. F. James Sensenbrenner Jr., Wisconsin Republican and chairman of the committee.

Yesterday's hearing gave Congress a chance to measure the FAA's progress toward addressing a litany of computer-security lapses outlined in a report released last month by the General Accounting Office, the investigative arm of Congress. The August report was the GAO's fourth since 1998 on FAA computer security.

DOT Inspector General Kenneth Mead testified yesterday that 3,041 contractors are working on critical FAA computer systems, but background checks had been completed on just 1,975 workers as of Friday. The others continue working on the agency's computers pending completion of the checks.

Agency reports show 98 percent of the FAA's 48,000 federal workers have received background checks, according to the GAO. But among FAA officials requiring top-secret clearances for access to computer systems, Mr. Sensenbrenner said, 21 percent allowed their clearances to lapse.

The agency's attention to detail is poor, Mr. Sensenbrenner said.

FAA Administrator Jane Garvey told the Committee the government won't complete background checks on contractors until at least March.

Apart from concerns over unauthorized access to FAA computers, the agency still must work to improve the security of its computer systems, the inspector general said.

Mr. Mead said the agency's computer system remains vulnerable because many of its computers are "highly interconnected."

By logging onto the FAA Web site, the inspector general's office gained access to about 270 DOT computers. In addition, 900 computers throughout the DOT were vulnerable to attack from contractors on other computers within the department.

One DOT employee with unauthorized access embezzled $600,000 from the transportation department, Mr. Mead said.

Mrs. Garvey emphasized that the nation's air-traffic-control system is not at risk because computers running the network operate independently of the FAA's other computer systems.

"We're doing everything we can. We have the best controllers in the world. We have the best technicians in the world. There are challenges, but we are doing all we can and we have a very secure system," Mrs. Garvey said.

The FAA has taken many steps to correct its computer-security shortcomings, Mrs. Garvey said, including hiring the agency's first chief information officer to oversee its technology work.

Mr. Sensenbrenner lambasted Mrs. Garvey and the FAA for failing to know its computer systems were not secure until the GAO began pointing out the vulnerabilities.

Despite all the criticism of the FAA, Mr. Mead said its computer security is better than security at most other Transportation Department agencies.

"I think the FAA is in better shape. Considerably better shape," he said.

LOAD COMMENTS ()

 

Click to Read More

Click to Hide