[Cryptography] Air Traffic Control computers are maintained about as well as most home machines

Peter Gutmann pgut001 at cs.auckland.ac.nz
Tue Mar 3 21:19:48 EST 2015


Jerry Leichter <leichter at lrw.com> writes:

>While the Federal Aviation Administration (FAA) has taken steps to protect
>its air traffic control systems from cyber-based and other threats,
>significant security control weaknesses remain, threatening the agency's
>ability to ensure the safe and uninterrupted operation of the national
>airspace system (NAS).

There's another view of that as well, which is that while lack of security
controls may threaten "the agency's ability to ensure the safe and
uninterrupted operation of the national airspace system (NAS)", enforcement of
standard security controls would virtually guarantee that "the agency's
ability to ensure the safe and uninterrupted operation of the national
airspace system (NAS)" would be impaired.  For example:

  In some situations the use of shared credentials is even enshrined in
  organisational policy, typically where the organisation has analysed the
  situation and decided that availability is more important than nominal
  security.  For example in air traffic control, where availability is
  paramount, organisations use group passwords for systems that control radar,
  navigation and communications gear, the instrument landing system (ILS), and
  similar equipment.  The fact that everyone in the group knows the password
  means that there’s little chance of anything ever being inaccessible for
  lack of the correct password, with 41% of Federal Aviation Administration
  (FAA) facilities in the US reporting the use of group logins for this
  purpose [86].

  [...]

  An extreme case of the shared login is the 24-hour login, in which the user
  is never logged off.  This is typically used in high-availability systems
  that are manned around the clock, thereby speeding up shift changes (there’s
  no need for one shift to log out and the next one to log straight back in
  again) and increasing availability since a system that’s never logged out
  can’t become inaccessible for lack of a password.  This is an example of the
  type of practical flexibility and resilience that theoretically less secure
  passwords add to a system, in which the use of a stricter, theoretically
  more secure access control mechanism would significantly impact the
  reliability and availability of the overall system, a social issue discussed
  in more detail in “User Conditioning” on page 16.

Peter.

