FAA Air Traffic Control System Vulnerable to Cyberattacks
Homeland Security Today (03/03/15) Vicinanzo, Amanda
According to a Government Accountability Office (GAO) audit report, security weaknesses in the Federal Aviation Administration’s (FAA) information security program place the nation’s air traffic control system at risk of being hacked. The Federal Information Security Management Act of 2002 requires federal agencies to enforce a security program that provides a framework for implementing controls at the agency, but FAA’s implementation of the program is incomplete. GAO found that FAA “did not always sufficiently test security controls to determine that they were operating as intended; resolve identified security weaknesses in a timely fashion; or complete or adequately test plans for restoring system operations in the event of a disruption or disaster.” The reports stated that FAA will face major challenges and major weaknesses will persist until the agency develops an organization-wide strategy. The FAA agreed with the 17 recommendations made by the GAO, which the GAO stated have the possibility to “compromise the safety and efficiency of the national airspace system.”
QR Codes Engineered Into Cybersecurity Protection
University of Connecticut (02/26/15) Poitras, Colin
University of Connecticut researchers led by professor Bahram Javidi want to use quick response (QR) codes to protect national security. They are using advanced three-dimensional optical imaging and extremely low-light photon counting encryption to transform a conventional QR code into a high-end cybersecurity application that can be used to protect the integrity of computer microchips. The researchers found they were able to compress information about a chip’s functionality, capacity, and part number directly into the QR code so it can be obtained by the reader without accessing the Internet, which Javidi says is an important cybersecurity breakthrough because linking to the Internet greatly increases vulnerability to hacking or corruption. The researchers also applied an optical-imaging mask that scrambles the QR code design into a random mass of black-and-white pixels. Another layer of security is then added through a random phase photon-based encryption, which converts the snowy image into a darkened image with just a few random dots of pixilated light.
Universities Start Programs to Develop Cybersleuths
Security InfoWatch (03/02/15) Forster, Dave
George Mason University is now offering what it says it the world’s first undergraduate degree in cybersecurity engineering. There are currently 64 students enrolled in the program. Old Dominion University (ODU), meanwhile, pulled faculty and staff from a range of disciplines to form the Center for Cyber Security Education and Research, which launched March 2. In January, Norfolk State University was tapped by White House officials to lead a consortium of 12 historically black colleges and universities, two national labs, and one South Carolina school district with the goal of educating students in cybersecurity. ODU hopes to promote new approaches to research by drawing from different disciplinary backgrounds. For example, psychology, understanding why some people click on a link they should not click on could help protect systems against poor decision-making. The consortium led by Norfolk State received a $25 million federal grant, and most of it will go toward creating workers who are knowledgeable about cybersecurity. In the fall, Norfolk State will add an online master of science degree in cybersecurity.