COMPUTER SECURITY AND AIR TRAFFIC AUTOMATION

COMPUTER SECURITY AND AIR TRAFFIC AUTOMATION

Air traffic automation and computer security are two disciplines
which should coexist in close association with few, if any,
problems. Safety and security have often shared office space.
Yet, when these two disciplines met not too long ago, a strong
opposition to computer security within the air traffic automation
community was voiced. What were their concerns and could they be
overcome? Can we have an advanced automated air traffic system
and still meet the safety concerns of both the controllers and
system engineers as well as the computer security demands of the
new Public Law?
Public Law 100-235, The Computer Security Act of 1987, helped to
clarify the identification process of "sensitive, unclassified
systems." The first system so labeled within the Federal
Aviation Administration (FAA) was the "Air Traffic Control
System." Security had been an integral part of the planning for
the new advanced automation system. Yet, when the system design
was still very young, automated security found itself outside
looking in and wondering "what went wrong and how can we fix it?"
Identification of the problem was easy. Everyone asked was quick
to say that security had been bumped by a fear that inclusion of
a security package may deny access to a controller or system
engineer in a time of urgent need. The solution was just as
obvious.
"denial of service. However, before I even finished introducing
myself at my first meeting with the air traffic automation folks,
I quickly discovered that one other element was needed - computer
security education.
My presentation will stress the need for proper computer security
education and up-front inclusion of automated information systems
security measures.
Develop a,,security package that would not cause such a
FAA National AIS Security Program Manager
Steve Smith is the National AIS Security Program Manager for the
FAA. As such, he assists in the development of an AIS risk
analysis methodology applicable to AIS and telecommunications
networks throughout the FAA as well as serving as the action
officer for the FAA AIS Security program. Mr. Smith is actively
involved in the AIS Security for the Advanced Automation System
(AAS) which will gradually replace the existing air traffic control
system through the year 2000. He is a graduate of St. Martins
University in Lacey, Washington with a Degree in Information
Systems Management. Mr. Smith is an active member of ISSA
'(National Capital chapter) and CSI. Mr. Smith has published
numerous articles on computer security for the FAA timesharing
management newsletter and FAA management digests.