FAA's security plan ready to fly, CIO says

FAA's security plan ready to fly, CIO says

BY PREETI VASISHTHA | GCN STAFF

After a history of computer security weaknesses, the Federal Aviation Administration is confident it has a solid systems security plan in place.

'We have a five-layered approach for our security concerns,' said Daniel Mehan, FAA's chief information officer. 'We have a blueprint that looks at personnel, physical, information systems, site-specific adaptation and redundancy issues.'


FAA now has a blueprint to address security weaknesses and modernization delays, CIO Daniel Mehan says.
Any new system that FAA implements needs a security certification and authorization package verification, Mehan said.

'We have a team that checks vulnerabilities and threats associated with the system,' he said. 'It develops a disaster recovery plan and protection profiles. The developer and I sign off on the system and then it's added to the national airspace system.'

More than 100 legacy systems will be certified by May 2003, he said. The Integrated Computer Environment Mainframe and Networking system will be certified later this year.

On intrusion detection, by the end of the year the FAA's Leesburg, Va., Computer Security and Intrusion Response Capability Center will manage the detection, analysis and reporting of computer security incidents.

Background checks

By Sept. 30, FAA will reduce the number of centers that host Internet access points to eight, including centers in Alaska, California, New Jersey, Oklahoma and Washington. Now, when the agency awards a contract, it performs, with the help of the Office of Personnel Management, background checks on all employees working in sensitive positions, Mehan said.

FAA is also investigating employees who were overdue for the reviews, some by five years, he said.

'The challenge is to get funding from Congress because some of the areas such as security certification and authorization packages are new,' Mehan said. 'We also need to understand that security problems are different from Y2K. Y2K was a known problem, but with security there are new, unknown issues every day.'

The troubled Standard Terminal Automation Replacement System air traffic control project is on track, Mehan said. STARS has come under scrutiny after Rep. John Mica (R-Fla.) proposed in March that an independent review of the project be carried out, despite assurances from FAA and Raytheon Co. that the system is on schedule [GCN, April 16, Page 17].

Mica said he wanted independent experts to help him evaluate the validity of the information provided by FAA and Raytheon. 'We will cooperate with Congress and provide them with whatever data they need,' Mehan said.

He declined to comment on the controversy regarding the En Route Automation Modernization contract. FAA had announced in February that it would award the contract to Lockheed Martin Corp. without conducting an open competition. Raytheon Co. has lodged a protest [GCN, April 16, Page 17].

inside gcn

  • Pushing cybersecurity for counties

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group