Exclusive: FAA Computer Systems Hit by Cyberattack Earlier this Year

Hackers earlier this year attacked a Federal Aviation Administration network with malicious software, agency officials said Monday.

In early February, FAA discovered "a known virus" spread via email on "its administrative computer system," agency spokeswoman Laura Brown told Nextgov.

"After a thorough review, the FAA did not identify any damage to agency systems," she added.

An upcoming competition among contractors to help run an FAA cybersecurity center might be altered as a result of the incident, according to an April 2 interim award notice that casually mentioned the attack.

FAA drew up a short-term agreement for incumbent contractor SRA International without reviewing competitors' services to avoid disrupting operations while preparing a new solicitation, according to the notice.

"Due to a recent cyberattack, the FAA requires additional planning time to determine the impact to the competitive procurement's requirements," agency officials said in the notice.

SRA will continue to support the so-called Cyber Security Management Center Security Operations Center until Feb. 29, 2016, if necessary, they said.

After identifying the malware, "the agency immediately took steps to block and contain the virus and clean any affected computers,” Brown said.

The attack was limited to the administrative computer system, officials said. 

Last month, however, federal auditors reported the air traffic system was vulnerable to cyberattacks. Vulnerabilities involving non-airspace systems also threaten flight safety, a March 2 Government Accountability Office review concluded.

“The excessive interconnectivity between [the National Airspace System] and non-NAS environments increased the risk that FAA’s mission-critical air traffic control systems could be compromised,” the report stated.