IBM, FAA team up to tackle severe security risks to flight data

The Federal Aviation Administration and IBM will partner up over the coming months to research a cybersecurity system best equipped to safeguard the agency's vulnerable flight data.

IBM officials described the program in a release early Tuesday as a way to help the federal agency battle back constant attempts to hamper its networks with viruses, computer bots and other malware, while assisting FAA administrators in preventing and catching those online offenders.


"The FAA has a particular, critical infrastructure that needs to be protected from both outside intruders and things that might be inadvertently or maliciously inserted inside the network," Todd Ramsey, the general manager of IBM's federal project, told The Hill, adding IBM has long assisted the flight agency with technology and consulting.

"This was kind of a natural merger of their needs, and our capabilities, under an innovation umbrella," he said.

The expanded FAA-IBM partnership arrives almost a year after federal regulators discovered several critical security holes in the FAA's computer setup — a rising number of lapses that have in some cases resulted in stolen data or jeopardized the flights over which the FAA has chief stewardship.

A May 2009 report by the Department of Transportation's inspector general revealed the FAA had been the subject of a serious attack in which hackers stole 48,000 former and current employees' personal information.

That report also noted the agency fell victim to another crippling incident in 2008, when hackers assumed control of the FAA's systems and "gained the power to shut down [its] networks."

Two years earlier, a computer virus spread to the FAA's servers and infected its air-traffic control operations, forcing the agency to shut down a portion of that crucial system in Alaska, according to the report.

Consequently, the inspector general characterized the FAA's "intrusion-detection" capabilities in 2009 as "ineffective," and he called on lawmakers and FAA leaders to reform their infrastructure immediately.

"In our opinion, unless effective action is taken quickly, it is likely to be a matter of when, not if, [air-traffic control] systems encounter attacks that do serious harm to [their] operations," the IG report stressed in May 2009.

FAA officials were unavailable for comment late Monday due to an agency conference.

Still, IBM's Ramsey said on Tuesday the expanded partnership with the FAA would help the agency draft a "proof of concept" for new cybersecurity procedures, which the FAA could later adopt with the help of Congress and the federal rulemaking process.

But he suggested in a statement announcing the project that its early work would also be essential in cutting down threats that have historically plagued the FAA and other federal agencies.

“Cyber attacks have become a global pandemic and no system is immune,” Ramsey noted. “Through this collaboration with the FAA, as well as others underway in government and the private sector, we hope to develop comprehensive solutions for protecting the digital and physical infrastructures of critical national networks and enterprise systems."