FAA Shifting Focus to Cyber
May 14, 2015 Leave a comment
by Kevin Shaker, Analyst, Market Intelligence
We’ve seen an increase in demand for big data and analytics products due to continued developments in NextGen at the Federal Aviation Administration (FAA), which I covered in my last blog post. However, after a recent breech in FAA’s IT security and an audit from the GAO, the administration has made acquisition of information assurance and threat & vulnerability management products a high priority.
This February the agency found malware on an administrative computer system. Forensic analysts believe the attack occurred via email. FAA responded by issuing a sole source RFP for Cyber Security Management Center support services to SRA International, which does most of the administration’s securing of data. The discovery of malware in an FAA system shows a critical need for increased cybersecurity services and products — as an attack could quite possibly lead to a plane’s inability to function, jeopardizing public safety.
Additionally, GAO-contacted auditors report the air traffic system is vulnerable to cyber-attacks and the FAA urgently needs to implement firewalls and controls to protect the system. If your company sells IPS, firewalls, or network security, now is the time to reach out to the Information Security and Privacy Service office, within the FAA’s Office of Information and Technology, and tell them how your solution can help detect and prevent cyber-attacks.
GAO has also warned the Federal Aviation Administration that their vulnerabilities include the safety and integrity of avionics systems while planes are airborne. The concern is that malicious software could move from internet-connected in-flight entertainment systems to systems in the aircraft cabin. This means that there’s opportunities for COTS vendors to sell their security products by reaching out to systems integrators, like Boeing or Lockheed Martin, that are responsible for putting the systems together.
After experiencing a cybersecurity breach and being audited by the GAO, DOT’s Office of the Chief Information Officer began coordinating with the FAA’s Security and Privacy Service Office to create a department-wide cyber incident plan. The FAA’s Cybersecurity Management Center will most likely play a large role here and you will want to reach out to involved stakeholders to see how your cybersecurity solutions can be baked into the requirements.
From DOT’s rapidly evolving IT requirements to technology initiatives in the pipeline, join immixGroup’s DOT expert, Chris Wiedemann in his on-demand Webinar, focusing exclusively on Department of Transportation Sales Opportunities next Thursday, May 21. Click here to watch the on-demand Webinar now.