FAA's Latest Security Challenge Is in Cyber Space, Not the Skies

By Joe Davidson
Wednesday, February 11, 2009

The mission of the Federal Aviation Administration is "to provide the safest, most efficient aerospace system in the world."

Fortunately, it does that better than safeguarding its computer system.

Last week, the FAA administrative computer server was hacked. Among the 48 breached files were two that contained the names and Social Security numbers of more than 45,000 employees -- almost the entire staff -- who were on the agency's rolls the first week of February 2006.

That's bad enough, but what also riles workers is the delay between the intrusion and the notice given them Monday.

"We were at risk, and nobody knew it," said Tom Waters, president of Local 3290 of the American Federation of State, County and Municipal Employees.

An FAA spokeswoman, Laura J. Brown, wouldn't comment on the delay or precisely when the breach occurred. She did say it took time "to determine exactly what information was stolen."

A letter from Lynne Osmus, the acting FAA administrator, to current and former employees says "medical information from the hacked files was encrypted and not identifiable." Brown said she didn't have details on what other data, including birth dates and home or e-mail addresses, might have been taken.

The FAA breach -- the air traffic control system was not compromised -- came a few days before Monday's announcement that President Obama has ordered a review of cyber-security activities throughout government.

"The national security and economic health of the United States depend on the security, stability and integrity of our nation's cyberspace, both in the public and private sectors," said John Brennan, assistant to Obama for counterterrorism and homeland security.

Focusing on national security, writ large, is good, but officials shouldn't overlook the individual security of federal workers and the rest of us whose personal information is housed in government databases.

While the FAA was hit this time, it certainly is not alone. Uncle Sam's main jobs database, USAJobs, which is run by Monster.com, was hacked last month.

The security of government computers has been deemed a "high-risk" area, by the Government Accountability Office. "Most agencies continue to experience significant deficiencies that jeopardize the confidentiality, integrity, and availability of their systems and information," the GAO said last month. "For example, agencies did not consistently implement effective controls to prevent, limit, and detect unauthorized access or manage the configuration of network devices to prevent unauthorized access and ensure system integrity."

CONTINUED     1        >

© 2009 The Washington Post Company