- Nokia's new N97 vs. the iPhone
- 10 Microsoft research projects
- Hard to get justice in MySpace case
- Smartphone smackdown: Storm vs. iPhone
- Apple removes antivirus support page
The Federal Aviation Administration survived last weekend's Slammer worm attack with only one administrative server compromised, and the agency that controls commercial air traffic in the U.S. is taking a multipronged attack to network security, said Daniel Mehan, assistant administrator for information services and chief information officer at the FAA.
Mehan, speaking to the media at the ComNet Conference and Expo Tuesday, said no "mission-critical" computers were compromised by the slammer attack, which shut down Internet service in some parts of Asia and slowed connections worldwide. A combination of keeping up to date with patches, keeping workers trained and using a variety of antihacking strategies kept the FAA's important computer systems running during the Slammer attack, he added.
But Mehan is not gloating because he knows more cyberattacks will come. "In no way do we taunt or challenge people to have another run at us," he quickly added. "We were quite successful in dealing with this worm, but there's always the next one."
The FAA uses several security measures to fight cyberthreats, and the agency is especially focused on such attacks since the Sept. 11, 2001, terrorist attacks on the U.S., Mehan said in his ComNet keynote address. The agency isolates its Web-enabled administrative computers from its mission-critical flight control machines; it uses multiple firewalls; it uses intrusion-detection and several packages of antivirus software; it completes an internal security audit on all new software; and it actively scans for vulnerabilities.
"We can't promise you'll never get a cold," he said of the agency's computer security. "But we have to make sure it doesn't spread to pneumonia."
All those strategies are needed, he said, because he sees a progression of "less and less hacker knowledge required for more and more sophisticated attacks."
The FAA controls 35,000 commercial flights a day in the U.S. and owns 40,000 pieces of computer equipment, Mehan said. The agency is working on updating some legacy, proprietary equipment to more open, "off-the-shelf" technology, he said, and since 2001, it has offered a series of employee meetings and computer-based training focusing on information security.
Rss FeedRss Feed
| NetworkWorld, Inc. | About Network World, Inc. | Advertise | Careers | Contact us | Terms of Service/Privacy | Reprints and links | Partnerships | Press room | Subscribe to NW |
| IDG, Inc. | CIO | Computerworld | CSO | Demo | GamePro | Games.net | IDGconnect.com | IDG World Expo | Infoworld | JavaWorld.com | LinuxWorld.com | MacUser | Macworld | PC World | Playlistmag.com | The Industry Standard | IDG List Services | IDG TechNetwork |
 The Leader in Network Knowledge© 1994-2008 Network World, Inc. All rights reserved. |
Partner Content
Brilliantly simple security and control solutions for email, web and endpoint
www.sophos.com
Stopping data leakage
Learn how to exploit your current security investment to control the information that flows into, through and out of your network.
Download the white paper.
Why detection rates aren't enough
Evaluating endpoint security products is a time-consuming and daunting task. Learn the six critical questions you need to ask prospective vendors to get the right endpoint solution.
Download the white paper.
Applications: taking back control
Employees installing unauthorized applications is a growing threat to business security and productivity. Cost-effectively reduce this threat by integrating control into your malware protection.
Learn more today.
Comment