subject: ATC Security - FAA Air Traffic Control Computer Security is Paramount [print this page] ATC Security - FAA Air Traffic Control Computer Security is Paramount
That means it must meet the demand of vast amounts of streaming data, have Artificial Intelligence, and keep out cyber terrorists and hackers too. Easier said than done, but let's discuss this, as it was the topic of conversation recently between two think tankers - myself and Troy Laclaire.
Troy is for localized distributive computing to handle the holographic data and spectral imaging needed for 3D ATC of the future, and he'd like to see a data dump much like the black boxes in aircraft, for instance; if no crash, mishap, near miss, or incident occurs the tape is erased and records all the future data. In this case the data is of such huge volume it will not be stored.
That sounds reasonable and yet, I thought; wait, I need all that data to program my AI computer to replace the locusts remember? My end goal is to remove human labor from the ATC equation. But he explains we could have both options in that; "The lockdown would be only used on the "ready to go" systems. If you need long term storage of date, this can easily be accomplished by having traffic "one way" from the computer the operator is using to a separate storage system." Explaining that the information needs to be "one-way" thus, preventing security problems, or viruses from entering the system.
Additionally, he suggests that "if you needed to access the stored data later on, you have a dedicated system just for this that is not connected directly to other ATC systems." Yes, that would be smart. And this is a similar system that is used at high schools with many students able to access the computers, as he understood it; "where anything a user does on the computer is wiped out and the operating system/base software are reloaded each time the computer is reset."
Yes, as I understand it, they also do this at the local library here for the public computers, and we agreed these sorts of systems are "getting to be a common practice for public systems." For the ATC computer system, Troy recommended that the ATC system would need to talk to each other long distance, so they would need some way of doing this and there are two ways of doing it:
1. Dedicated lines or satellite links between ATC with multi-layered protection to prevent outside access.
2. Use the internet, since its already there, but use a VPN type setup (we use this type of setup where I work since a lot of us are remote techs), and have multi-layered security. If using this, you also would design into the system your own communication protocol system. This alone makes it hard for a "standard" computer to be able to even "speak" to your system.
With the proper setup, it is entirely possible to allow access only between allowed computers. One level of protection we have for work is via IP address. Since each tech has their own IP address, there is a list of "allowed" IP addresses.
This means that even if, for example, you knew the URLs we use for backend access, you could not access as your IP address is not on the list. This of course is just one level of a multi-tiered security system.
Indeed, this makes perfect sense, but I asked too about the overall communication between the system, what about security risks there too, is that a weak link as well, how do we go about that challenge? Well, he explained that a multi-tiered communications system that would have separate communications layouts for local communication between systems and long distance communications. Then only a select group of technicians who are allowed to work on these systems to limit the chance of 3rd party having access to the systems [security clearances] although short of hardware problems most software issues would be resolved by rebooting the system to reload the base OS/Software - in other words, it IS possible to make a fairly secure setup, if proper steps are taken from the start.
Yes, this is one way to do it. There are also others, and variations and multiple layers which can also be employed, but as you can see setting up such a large system wouldn't be as easy as one might think and it takes a bit of preparation and considerations to get it correct. Indeed, I hope you will please consider all this.
Lance Winslow is the Founder of the Online Think Tank, a diverse group of achievers, experts, innovators, entrepreneurs, thinkers, futurists, academics, dreamers, leaders, and general all around brilliant minds. Lance Winslow hopes you've enjoyed today's discussion and topic. http://www.WorldThinkTank.net - Have an important subject to discuss, contact Lance Winslow.
