(13.10.1997)

Existing Information Sharing Efforts

(…) We also found a great deal of information sharing already underway. Trade associations, consortia, and other groups exchange information among their members and, in some cases, directly with government. Many federal, state and local government agencies have existing relationships with infrastructure owners and operators. Within all the infrastructure sectors, at least some portions are subject to regulatory control by government agencies, and information is shared, albeit sometimes within carefully defined constraints. Several federal agencies provide information to infrastructure owners and operators. The FBI’s Awareness of National Security Issues and Response (ANSIR) program gives over 25,000 industry members information that provides threat and vulnerability insights. More narrowly focused programs are the Department of Transportation’s terrorist threat notification to the civil aviation industry and the National Security Agency’s INFOSEC Vulnerability Assessment Program, which provides information systems-related data to private sector partners. The Comptroller of the Currency operates another system providing advisories on information integrity and security risks to financial institutions.

(…)

The third and least predictable threat to the infrastructure comes from deliberate attack. Depending on their objectives, attackers may seek to steal, modify, or destroy data stored in information systems or moving over networks, or to degrade the operation of the systems and net-works themselves, denying service to their users. Attackers include national intelligence organizations, information warriors, terrorists, criminals, industrial competitors, hackers, and aggrieved or disloyal insiders. While insiders constitute the single largest known security threat to information and information systems, controlled testing indicates that large numbers of computer based attacks go undetected, and that the unknown component of the threat may exceed the known component by orders of magnitude.

(…)

The air traffic control system of the FAA is based on decades old technology. The replacement system, while doubtless more efficient, will be more vulnerable unless special security measures are incorporated.

(…)

The Commission recommends the Secretary of Transportation:

1) Fully evaluate actual and potential sources of interference to, and vulnerabilities of, GPS before a final decision is reached to eliminate all other radiovnavigation and aircraft landing guidance systems.

2) Sponsor a risk assessment for GPS-based systems used by the civilian sector, projected from now through the year 2010.

3) Base decisions regarding the proper federal navigation systems mix and the final architecture of the NAS on the results of that assessment. The DOT and FAA must develop a better understanding of interference and other vulnerabilities of GPS before a final decision is reached concerning the status of all other radionavigation and landing guidance systems. A federally sponsored thorough, integrated risk assessment would lay a sound foundation for decisions on future courses of action.

The National Airspace System

The Commission recommends the FAA act immediately to develop, establish, fund, and implement a comprehensive National Airspace System Security Program to protect the modernized NAS from information-based and other disruptions, intrusions and attack. Program implementation should be guided by the recommendations found in the Vulnerability Assessment of the NAS Architecture, prepared for the Commission. The Vulnerability Assessment included the following recommendations: (…)

3) The FAA should consider the implementation of full “trusted” hardware and software security capabilities for only the FAA’s most vulnerable future subsystems, since the software cost for embedded applications, together with full audit, tracking, and monitoring, may be too great if applied to all subsystems. Relaxation of the full capabilities, such as less rapid revalidation (e.g., a slower fifteen minutes down time) and less constant vigilance of data integrity, should be considered on a case-by-case basis for less critical subsystems, particularly in situations where existing air traffic control recovery procedures exist.

4) The FAA should conduct a comprehensive investment analysis of NAS INFOSEC in order to determine the degree of security protection that is needed

(…)

Transportation: A critical infrastructure characterized by the physical distribution system critical to supporting the national security and economic well-being of this nation, including the national airspace system, airlines and aircraft, and airports; roads and highways,trucking and personal vehicles; ports and waterways and the vessels operating thereon; mass transit, both rail and bus; pipelines, including natural gas, petroleum, and other hazardous materials; freight and long haul passenger rail; and delivery services.

(13.10.1997)

Existing Information Sharing Efforts

(…) We also found a great deal of information sharing already underway. Trade associations, consortia, and other groups exchange information among their members and, in some cases, directly with government. Many federal, state and local government agencies have existing relationships with infrastructure owners and operators. Within all the infrastructure sectors, at least some portions are subject to regulatory control by government agencies, and information is shared, albeit sometimes within carefully defined constraints. Several federal agencies provide information to infrastructure owners and operators. The FBI’s Awareness of National Security Issues and Response (ANSIR) program gives over 25,000 industry members information that provides threat and vulnerability insights. More narrowly focused programs are the Department of Transportation’s terrorist threat notification to the civil aviation industry and the National Security Agency’s INFOSEC Vulnerability Assessment Program, which provides information systems-related data to private sector partners. The Comptroller of the Currency operates another system providing advisories on information integrity and security risks to financial institutions.

(…)

The third and least predictable threat to the infrastructure comes from deliberate attack. Depending on their objectives, attackers may seek to steal, modify, or destroy data stored in information systems or moving over networks, or to degrade the operation of the systems and net-works themselves, denying service to their users. Attackers include national intelligence organizations, information warriors, terrorists, criminals, industrial competitors, hackers, and aggrieved or disloyal insiders. While insiders constitute the single largest known security threat to information and information systems, controlled testing indicates that large numbers of computer based attacks go undetected, and that the unknown component of the threat may exceed the known component by orders of magnitude.

(…)

The air traffic control system of the FAA is based on decades old technology. The replacement system, while doubtless more efficient, will be more vulnerable unless special security measures are incorporated.

(…)

The Commission recommends the Secretary of Transportation:

1) Fully evaluate actual and potential sources of interference to, and vulnerabilities of, GPS before a final decision is reached to eliminate all other radiovnavigation and aircraft landing guidance systems.

2) Sponsor a risk assessment for GPS-based systems used by the civilian sector, projected from now through the year 2010.

3) Base decisions regarding the proper federal navigation systems mix and the final architecture of the NAS on the results of that assessment. The DOT and FAA must develop a better understanding of interference and other vulnerabilities of GPS before a final decision is reached concerning the status of all other radionavigation and landing guidance systems. A federally sponsored thorough, integrated risk assessment would lay a sound foundation for decisions on future courses of action.

The National Airspace System

The Commission recommends the FAA act immediately to develop, establish, fund, and implement a comprehensive National Airspace System Security Program to protect the modernized NAS from information-based and other disruptions, intrusions and attack. Program implementation should be guided by the recommendations found in the Vulnerability Assessment of the NAS Architecture, prepared for the Commission. The Vulnerability Assessment included the following recommendations: (…)

3) The FAA should consider the implementation of full “trusted” hardware and software security capabilities for only the FAA’s most vulnerable future subsystems, since the software cost for embedded applications, together with full audit, tracking, and monitoring, may be too great if applied to all subsystems. Relaxation of the full capabilities, such as less rapid revalidation (e.g., a slower fifteen minutes down time) and less constant vigilance of data integrity, should be considered on a case-by-case basis for less critical subsystems, particularly in situations where existing air traffic control recovery procedures exist.

4) The FAA should conduct a comprehensive investment analysis of NAS INFOSEC in order to determine the degree of security protection that is needed

(…)

Transportation: A critical infrastructure characterized by the physical distribution system critical to supporting the national security and economic well-being of this nation, including the national airspace system, airlines and aircraft, and airports; roads and highways,trucking and personal vehicles; ports and waterways and the vessels operating thereon; mass transit, both rail and bus; pipelines, including natural gas, petroleum, and other hazardous materials; freight and long haul passenger rail; and delivery services.