The FAA Incident Report and the Remediation Problem

I spent the past two days on a business trip to Detroit.  After a great sales call Wednesday morning I had some time to kill in the Detroit airport and while browsing the Internet I came across the FAA report on the penetration testing done against the FAA systems.  The report lists the results of an audit done on FAA Web applications by KPMG in response to a request by Congress.  The audit tested 70 Web applications, many of them customer facing.  Some highlights of the findings:

  • The test identified a total of 763 high-risk, 504 medium-risk, and 2,590 low-risk vulnerabilities.
  • Exploiting these vulnerabilities provided paths for unauthorized access to information stored on Web application computers and to gain unauthorized access to ATC systems.
  • The vulnerabilities also served as a path to attack FAA user computers by injecting malicious code onto the computers.

To illustrate the potential consequences of the vulnerabilities discovered, during the audit KPMG reportedly:

  • Gained access to information stored on Web application computers and an ATC system.
  • Gained access to information stored on Web application computers associated with the Traffic Flow Management Infrastructure system, Juneau Aviation Weather System, and the Albuquerque Air Traffic Control Tower.
  • Gained access to an ATC system used to monitor critical power supply at six en route centers.

Combine this with the findings released that day of the suspected pilot error in the recent commuter plane crash in Buffalo, and obviously I am now ready to jump on my plane.  Not.

After digesting the statistics of the FAA report, one statement really stuck out to me: “Cyber incidents were not remediated in a timely manner.”  The report noted that 17% of the 877 cyber-related incidents reported in 2008 had gone unresolved by year end.

I talk a lot about the ability of Triumfant to detect attacks that frequently evade other defensive software, particularly traditional signature-based software.  But the ability of Triumfant to build a remediation on the fly and stop an attack is a significant and considerable advantage when it comes to endpoint protection.  I know the FAA incidents were predominantly network-intrusion-type problems, but the need for speed with regard to remediation is a universal concept.

In the video of the Triumfant 3-Minute Malware Challenge, we show live the process of detecting, analyzing and remediating an actual malware attack in 3 minutes.  The conversation often stops at detection because we have such a growing problem seeing today’s attacks.  But if we are not fixing what we find, the problems run much deeper.