Less than half of the recommendations needed to protect the nation's air traffic control systems from computer hackers and terrorists have been implemented by the FAA, Sen. Charles Schumer said Sunday, addressing a recent government report that exposed cybersecurity risks to air travel.
"They must do more and do it more quickly," said Schumer (D-N.Y.), who is urging the Federal Aviation Administration to implement 17 recommendations by the Government Accountability Office and 168 specific actions to upgrade its security systems.
The measures would affect the nation's 500 air traffic control towers, 160 terminal radar control facilities and 22 air route traffic control centers that guide more than 228,000 aircraft -- including 2,850 flights that are in the air at any given time.
"Such a threat of taking over this system makes your stomach sink," Schumer said.
The GAO released a three-year report saying the nation's air traffic control systems for managing planes and other aircraft are at "increased and unnecessary risk" of being hacked.
The government watchdog report acknowledged steps have been taken by the FAA to protect against cyber-attacks. However, "significant security control weaknesses remain, threatening the agency's ability to ensure the safe and uninterrupted operation."
One area of weakness is preventing and detecting unauthorized access to its computer and communications systems, which process and track flights around the world, according to the GAO report. The FAA relies on more than 100 of these air traffic systems to direct planes.
The report also cited the FAA's failure to encrypt sensitive data and to upgrade password access to authenticate users, Schumer said, adding that some of these security upgrades took three years to install.
In response, FAA spokeswoman Arlene Salac released a statement saying the agency is "actively addressing the recommendations in the GAO report, and has already remediated a number of technical findings." However, she could not say how many of them have been corrected.
The statement said the FAA Cybersecurity Steering Committee is reviewing the report's recommendations.
Schumer said the FAA "must adopt" the recommendations of the National Institute of Standards and Technology.