[Cryptography] Air Traffic Control computers are maintained about as well as most home machines
Peter Gutmann
pgut001 at cs.auckland.ac.nz
Tue Mar 3 21:19:48 EST 2015
Jerry Leichter <leichter at lrw.com> writes:
>While the Federal Aviation Administration (FAA) has taken steps to protect
>its air traffic control systems from cyber-based and other threats,
>significant security control weaknesses remain, threatening the agency's
>ability to ensure the safe and uninterrupted operation of the national
>airspace system (NAS).
There's another view of that as well, which is that while lack of security
controls may threaten "the agency's ability to ensure the safe and
uninterrupted operation of the national airspace system (NAS)", enforcement of
standard security controls would virtually guarantee that "the agency's
ability to ensure the safe and uninterrupted operation of the national
airspace system (NAS)" would be impaired. For example:
In some situations the use of shared credentials is even enshrined in
organisational policy, typically where the organisation has analysed the
situation and decided that availability is more important than nominal
security. For example in air traffic control, where availability is
paramount, organisations use group passwords for systems that control radar,
navigation and communications gear, the instrument landing system (ILS), and
similar equipment. The fact that everyone in the group knows the password
means that there's little chance of anything ever being inaccessible for
lack of the correct password, with 41% of Federal Aviation Administration
(FAA) facilities in the US reporting the use of group logins for this
purpose [86].
[...]
An extreme case of the shared login is the 24-hour login, in which the user
is never logged off. This is typically used in high-availability systems
that are manned around the clock, thereby speeding up shift changes (there's
no need for one shift to log out and the next one to log straight back in
again) and increasing availability since a system that's never logged out
can't become inaccessible for lack of a password. This is an example of the
type of practical flexibility and resilience that theoretically less secure
passwords add to a system, in which the use of a stricter, theoretically
more secure access control mechanism would significantly impact the
reliability and availability of the overall system, a social issue discussed
in more detail in "User Conditioning" on page 16.
Peter.