FAA was ready for the Slammer, CIO says

System scanning and attention to patches helped the Federal Aviation Administration dodge the weekend's Internet worm, CIO Daniel Mehan said today at the Comnet trade show in Washington.

"We came through it well," Mehan said. "We had only one impacted machine at the FAA and only two others in the department."

The Slammer worm infected Microsoft SQL servers that had a known vulnerability and overloaded other servers on the Internet with heavy traffic.

A Defense Department spokesman said yesterday that the worm affected '900 DOD systems'the port was blocked, but the impact was minimal, and access was maintained.'

Mehan said FAA has taken an enterprisewide approach to security, and this year has focused on system scanning for security compliance. He said this helped the agency withstand the worm's onslaught.

"This was a vulnerability that the patch came out for in the middle of 2002," Mehan said. "We had the patches in, and our intrusion detection center saw it coming."

The FAA intrusion detection center worked with the Transportation Department's center and began scanning for servers that might have been vulnerable. These were taken offline if the unpatched vulnerability was found. The affected FAA server also was taken offline quickly, he said.

Mehan said he did not want to gloat over the incident. "No way do we challenge people to have another run at us," he said. But, he added, 'our preparation was pretty good."

The CIO also said his agency is coping with funding restraints and the difficulties of working without a budget for the current fiscal year. IT funding "is going up," he said, but not at the rate it did during the first two years of the decade. Spending priorities have delayed some projects, such as the smart-card pilot FAA expects to begin by the end of the year.

"We had hoped to start sooner," he said. "If we had infinite money, we could have done more."

Operating under a continuing resolution rather than an appropriation has been an inconvenience, Mehan said. "It's a little painful. You have to slow some things you might rather not have slowed. But it is not creating any problem we can't work through."

He said he hopes Congress will soon pass the fiscal 2003 appropriations omnibus bill.

About the Author

William Jackson is a Maryland-based freelance writer.


  • Records management: Look beyond the NARA mandates

    Pandemic tests electronic records management

    Between the rush enable more virtual collaboration, stalled digitization of archived records and managing records that reside in datasets, records management executives are sorting through new challenges.

  • boy learning at home (Travelpixs/Shutterstock.com)

    Tucson’s community wireless bridges the digital divide

    The city built cell sites at government-owned facilities such as fire departments and libraries that were already connected to Tucson’s existing fiber backbone.

Stay Connected