The nation's air traffic control system may be susceptible to intrusion and malicious attacks because the Federal Aviation Administration didn't investigate dozens of foreign nationals hired to fix year 2000 computer problems. That's a violation of its own security policies, according to congressional investigators.
The FAA allowed foreign citizens - including 36 Chinese nationals and citizens of Pakistan, Ukraine, Britain and Ethiopia - access to 15 of its 153 critical computer systems, according to a report issued by the General Accounting Office (GAO), the investigative arm of Congress. The report is available at www.gao.gov.
The GAO said one of the systems reviewed by the foreign citizens involved management of U.S. air traffic.
"Because the FAA failed to follow its own policies, they have increased the risk that inappropriate individuals may have gained access to FAA's facilities, information or resources," said Colleen Phillips, supervisor of civil agencies information systems at the GAO.
Since being informed of the security problem by the GAO in early December, the FAA has conducted the background checks it should have done initially, said FAA spokesman Eliot Brenner.
Brenner said the FAA's security policies don't always call for background checks. He said that in some instances a "risk assessment" could be performed, which would determine whether a background check needed to be completed.
Neither was done for the foreign nationals.
"The FAA has had real problems with computer security," said Jeff Lungren, a spokesman for the House Committee on Science, which requested the probe.
"Looking at what we found, it justified the work."