If one were involved in an aircraft accident this could certainly have an effect on your health. In the news this week are 2 healthcare breaches, one in Virginia and one in California. According to this article, there is also a lack of budgeting to help protect the FAA with security and web based software and more money is allotted towards bird abatement. The return here for a hacker would not be as great as securing credit cards and social security numbers as found in healthcare records, but the consequences with one crash could be horrific.
One more time we are back to budgets and money. Will those who serve on budget committees wake up and realize that if we are to fully utilize and take advantage of technology, we need to ensure security on web based applications as well as internal servers. Hopefully, this last week has helped make the point here.
One example of how security can be enhanced is shown here at Harvard, using a vendor to monitor and keep watch over web based applications:
The attack on Berkeley is now being reported as a potential SQL Injection attack. Below is a link on a fictional account on how far a SQL injection attack can go. The video is in Windows Media format and uses Las Vegas as the setting for the story. You can also go here to view in Silverlight from the site. This is a race between the good guys and bad guys. The good guys come in and find flaws, etc. and save the day. It is not too technical and almost anyone can grasp what is going on here. Great video.
The challenge for the team is to keep the system operating as the casino loss of money is huge, but also clean and update the system. Money is being stolen from both the Casino and big roller guests.
The long and short of all of this, SPEND THE MONEY ON SOFTWARE SECURITY SYSTEMS. The developers were so busy functioning on the functionality of the software, security issues were over looked. BD
In the past four years, hackers have hobbled air traffic control systems in Alaska, seized control of Federal Aviation Administration network servers, and pilfered personal information from 48,000 current and former FAA employees, according to a newly released government report.
The report, "Review of Web Applications Security and Intrusion Detection in Air Traffic Control Systems," was published Wednesday by the Department of Transportation Office of the Inspector General.
It's also a matter of money, which could be easier to obtain under a cloud of imminent danger: The FAA has been pushing its Next Generation Air Transportation System, a project to update the nation's air transit infrastructure that's expected to cost at least $20 billion.
With any luck, that amount of funding will also buy a few scarecrows. There were almost 10 times as many wildlife strikes against airplanes in 2007 (7,666) as air traffic control cyberincidents in 2008. Such collisions -- recall the bird strike that sent US Airways Flight 1549 into the Hudson River in January -- cost an estimated $628 million in monetary losses annually, to say nothing of the potential loss of life. Hackers just don't have that kind of impact, unless they wander onto a runway.