Hackers breached the network of the Federal Aviation Administration earlier this week and gained access to sensitive records, according to an aviation trade publication. The FAA breach has prompted President Obama to order an immediate review of federal cyber security.
The hackers reportedly gained access to the personnel files of 45,000 FAA workers, of which 48 files were opened and copied. The computer systems that superintend air traffic control were not breached.
President Obama has asked for a 60-day review of the “plans, programs and activities” in place to combat hacking in federal computer systems. According to DailyTech, some experts are blaming security vulnerabilities on President Bush’s administration, which they say neglected security risks and put the Department of Homeland Security in a poor position to combat hacking.
As it stands, the government is set to dole out over $10 billion in cyber security contracts over the next four years, most of them to large defense companies like Northrop Grumman and Lockheed Martin.
But that may not be enough funding to fight increasingly clever hackers, some of whom are presumed to work on behalf of the ever-intrusive Chinese government. In 2008, the UK Times uncovered evidence of a Chinese plot to engineer cyber-dominance over the U.S. and other nations, in which they planned to use network trap-doors to hamstring financial and military computer systems here and abroad. In June of 2008, hackers linked to the Chinese government were caught worming their way into computers at the Department of Defense.
Cyber security concerns have become even more poignant in recent weeks because of provisions within the American Recovery and Reinvestment Act, which will likely allocate billions of dollars of funding for the digitization of medical health records, and the construction of a computer-controlled “smart grid” to carry electricity. Breaches of those systems could be catastrophic; it’s one thing when hackers gain information on troop movements or weapons placement, but quite another when they have the power to shut off the electricity in entire swaths of the nation.
It’s not just records or utilities, either; someday, the very bodily health of American citizens could be at risk to hacking. Discover magazine reports that new “remote intelligent drug delivery” pills are being developed that will monitor a patient’s vital signs from inside the body. The problem: Drug delivery and unit control will be conducted wirelessly by medical technicians, leaving it vulnerable to attack by hackers. Taking control of a patients internal smart pill could gain a malefactor access to sensitive patient information or even the rate of drug dispersion inside the body.
The FAA break-in follows a string of recent high-risk hacks to high-profile private sites like Facebook and Twitter. MSNBC reported last week that hackers hijacked a North Carolina woman’s profile and begged her friends for wired money transfers. In January, a hacker gained control of a Twitter employee’s administrator account, using it to send out a phishing scam link to users, and to publish the passwords to several prominent users’ accounts–including President Obama’s.
Security consultants have blamed those sites’ relatively weak security requirements for the ease of the hacks. In the case of the Twitter breach, the employee’s password, “happiness,” was vulnerable to anyone with a dictionary-based key-gen program.
The President hasn’t announced who he’ll appoint to conduct the cyber security audit within the government, or what kind of action he’ll take to ameliorate the problems they’ll find. Hopefully, in 60 days the federal government will take some time off from funding new public works projects with the stimulus bill and put some money toward firewalls.