Amid talk of the “safest decade” for American air travel, a Wisconsin congressman scorched the Federal Aviation Administration (FAA) for shortcomings in its computer security.
Security of the FAA systems “affects every single human being on the planet that flies in aircraft,” Van Orden said during a Feb. 7 House Transportation and Infrastructure Committee hearing about the FAA’s future funding and operations.
No Cyberattack–Yet
In a statement, the FAA blamed the NOTAM failure on contract personnel who “unintentionally deleted files” while synching a live database with a backup. The investigation found no evidence of malicious intent or a cyberattack.Under TPI, at least “two authorized persons” must be involved before specific computer-system actions can be completed, thus blocking sabotage from a single “bad actor.”
Van Orden asked Nolen whether the TPI policy was in place before or after the incident. But Nolen refused to answer, citing the “ongoing investigation,” Van Orden said.
‘Poor Management’
Although Van Orden said he was glad that the TPI procedure is now in place, “I take exception that we had to find this out independently.” He chastised the FAA for its “remarkable lack of forethought” regarding cybersecurity.“I’m thankful it was a case of poor management and delinquent policy standards as opposed to a malicious actor targeting aircraft or aircraft control systems,” Van Orden said, “because I don’t know if our aircraft would be flying today if it were.”
Van Orden asked Boulter whether a thorough review was being conducted “to identify any other single point of failure or vulnerability.”
When Boulter responded that he was unsure what was explicitly being done, Van Orden pointedly asked: “OK. Please do me a favor. Will ya give ‘em a call after you get out of this meeting?”
Safety Is Paramount
Van Orden’s concerns surfaced after the committee had heard more than three hours of testimony from Boulter and four other witnesses.Van Orden said he agreed “safety is paramount,” noting that “safety” appeared about 400 times in the witnesses’ written testimony. He was concerned that security was given short shrift, noting he counted only 15 mentions of that word.
Rep. Sam Graves (R-Mo.), chairman of the committee, launched the session by stating that he’s a professional pilot and an active user of America’s flight networks–and he is proud that our nation sets “the gold standard for aviation safety” worldwide.
During the past 13 years, there have been zero passenger fatalities on scheduled domestic passenger flights, even though ridership increased 50 percent during a 16-year span that preceded the coronavirus pandemic.
“Even following the safest decade in our history, our aviation systems clearly need some urgent attention,” Graves said. “As Mr. Boulter says in his testimony, ‘complacency and stagnation are equal threats to a safety culture.’”
Nipping Problems in the Bud
Rep. Rick Larsen (D-Wash.), the top Democrat on the committee, said it has become apparent that outdated computer systems need to be upgraded. He said the committee is working “to ensure the FAA has the necessary funding and long-term certainty it needs.”Chairman of the aviation subcommittee, Rep. Garret Graves (R-La.), declared: “We just had the safest decade in aviation history.”
While the goal is zero deaths, Graves said there had been three fatalities among passenger airlines during that span. In contrast, there were about 140 such deaths in the previous decade.
Yet, he said, there have been many recent near-collisions and other “close calls,” along with multiple problems with airline staffing, air-traffic control, and reservation systems.
“We need to all be very concerned about what’s going on,” Graves said. On the horizon, big changes are coming because of new technologies, he said. And, at the same time, “the system is stretched to capacity” as demand for travel goes up.
“Right now, the alarm bells should be going off across our aviation industry,” he said. “The only way we can ensure safety is being proactive in our upcoming FAA reauthorization bill and fixing issues before they become problems.”