According to a copy sent to the FAA this week (FAA) The chief inspector general's Report , Hackers have invaded several times in recent years FAA Flight control mission support system based on FPGA .
The report states that , this year 2 month , Hacker Inbreak FAA A public computer , Use it to access personally identifiable information , For example, social security numbers . These are 4.8 Ten thousand FAA Information of current and former employees .
last year , Hacking FAA Important network servers , These servers may be shut down , That could be a serious disruption FAA Task support network for . The report, released on Monday, said , Hackers take over FAA Computers in Alaska , Enter the network as an insider , And then we use interconnected networks , Steal the password of an Oklahoma State administrator , Implanting malicious programs , And then invade FAA Network domain name controller in the Western Pacific Region , More than 4 Ten thousand FAA User's ID, Passwords and other information used to control part of the mission support network .
The report also found that ,2006 year , A computer virus invades flight control (air traffic control;ATC) system , force FAA Partial closure of Alaska FAA system .
So far , These attacks mainly disrupt mission support (mission-support ) function , But the report warns , Attacks may spread to the operating network through network connections (operational
networks), Immediate impact monitoring , Communication and flight information processing operation .
The report concluded that ： In our opinion , Unless quick and effective action is taken , Otherwise, the flight control system will encounter attack and seriously affect the flight control operation , Sooner or later .
The report states that , The reason why hackers may intrude , It is because the network application supporting the operation of flight control system is not properly protected , To prevent unauthorized access , Moreover, network intrusion detection software is not fully used , To monitor network attacks .
FAA At first, the flight control system mainly relied on proprietary software , However, in recent years, commercial software and IP Type technology , The security risk to the system will increase accordingly .
The report says ： Now? , Hackers can take advantage of business IP Product security weaknesses , Intrusion control system . This is at a time when the country is facing the threat of cyber attacks sponsored by advanced countries , Especially worrying .
Security experts said , On the whole , America's vital infrastructure is increasingly exposed to risk , Because it used to be isolated , Closed systems gradually migrate to the Internet , And it uses Windows This kind of commercial software .
Flight control system inspector said , They're in the web application under test , Find more than 760 High risk security vulnerability , Includes the provision of an open system “ front-door access ”(front-door
access) Security vulnerability of , Allows hackers to plant malicious programs FAA User's computer . The inspector found that , The problem is that the network application is not fully configured , The potential known security vulnerabilities of the application itself have not been fixed in time .
FAA spokesman Laura Brown express ,FAA We have found out the weakness, and we will mend it , At present, we are developing the security architecture of the whole system . But she refutes claims that hackers may have access to important flight control operating systems .