FAA's security plan ready to fly, CIO says


After a history of computer security weaknesses, the Federal Aviation Administration is confident it has a solid systems security plan in place.

'We have a five-layered approach for our security concerns,' said Daniel Mehan, FAA's chief information officer. 'We have a blueprint that looks at personnel, physical, information systems, site-specific adaptation and redundancy issues.'

FAA now has a blueprint to address security weaknesses and modernization delays, CIO Daniel Mehan says.
Any new system that FAA implements needs a security certification and authorization package verification, Mehan said.

'We have a team that checks vulnerabilities and threats associated with the system,' he said. 'It develops a disaster recovery plan and protection profiles. The developer and I sign off on the system and then it's added to the national airspace system.'

More than 100 legacy systems will be certified by May 2003, he said. The Integrated Computer Environment Mainframe and Networking system will be certified later this year.

On intrusion detection, by the end of the year the FAA's Leesburg, Va., Computer Security and Intrusion Response Capability Center will manage the detection, analysis and reporting of computer security incidents.

Background checks

By Sept. 30, FAA will reduce the number of centers that host Internet access points to eight, including centers in Alaska, California, New Jersey, Oklahoma and Washington. Now, when the agency awards a contract, it performs, with the help of the Office of Personnel Management, background checks on all employees working in sensitive positions, Mehan said.

FAA is also investigating employees who were overdue for the reviews, some by five years, he said.

'The challenge is to get funding from Congress because some of the areas such as security certification and authorization packages are new,' Mehan said. 'We also need to understand that security problems are different from Y2K. Y2K was a known problem, but with security there are new, unknown issues every day.'

The troubled Standard Terminal Automation Replacement System air traffic control project is on track, Mehan said. STARS has come under scrutiny after Rep. John Mica (R-Fla.) proposed in March that an independent review of the project be carried out, despite assurances from FAA and Raytheon Co. that the system is on schedule [GCN, April 16, Page 17].

Mica said he wanted independent experts to help him evaluate the validity of the information provided by FAA and Raytheon. 'We will cooperate with Congress and provide them with whatever data they need,' Mehan said.

He declined to comment on the controversy regarding the En Route Automation Modernization contract. FAA had announced in February that it would award the contract to Lockheed Martin Corp. without conducting an open competition. Raytheon Co. has lodged a protest [GCN, April 16, Page 17].

