Fairly short post for you today…
Chapter 4 of the JPDO’s NextGen Con-Ops deals with Net-Centric Operations. Pretty much the plan seems to be to share all kinds of information with all the users at any given time with various parameters on what each user is allowed to access. From page 4-5:
Information Assurance. Secure exchange of information includes access controls, trust relationships, and associated policies and mechanisms to provide appropriate access to information by authorized users. Maintenance of information assurance across security levels and domains is a critical feature of the NextGen Enterprise.
And page 4-6: [emphasis added is mine]
The success of NextGen information sharing depends on constituent trust that information is properly protected, that it is not misused or mishandled, and that recipients have a valid need for the data. In turn, this trust depends on applying information assurance policies, designs, rules, and information systems hardware and software that can be tested and certified and on the ability and willingness of the participants to effectively implement and manage their security responsibilities.
Remember in February, 2009, the FAA’s computers were hacked. From one article:
The Federal Aviation Administration notified employees on Monday that an agency computer server was hacked last week. According to the FAA, the hackers obtained access to the names and Social Security numbers of more than 45,000 employees and FAA retirees.
“All affected employees will receive individual letters to notify them about the breach,” said the FAA statement. “The FAA is moving quickly to prevent similar incidents and has identified immediate steps as well as longer-term measures to further protect personal information.”
Moving quickly, huh? Well, maybe it’s not a public safety issue; I mean it was just our social security numbers, not air traffic control related in and of itself. But then I read this article from the beginning of this month.. The Inspector General’s letter mentioned in the article can be found here.
The Federal Aviation Administration cannot effectively detect or stop cyber attacks against air traffic control systems, according to the Transportation Department inspector general.
Need I say more?