FAA Concerned about ‘Evolving Cyber Events’

The Federal Aviation Administration needs urgent help to protect its systems from looming cyber threats, according to federal contracting documents.

"Due to evolving and potential cyber events, the FAA requires critical and immediate cybersecurity methodology support to protect FAA infrastructure from malicious activities," states a Feb. 9 presolicitation notice. 

An FAA spokesman stressed to Nextgov that the notice refers to potential cyberincidents; the agency is not currently experiencing a malicious cyberincident. 

FAA is entering into an emergency 9-month deal with Mischel Kwon & Associates, a consulting firm, to support the agency’s Cybersecurity Security Operations Center, or SOC. The company had been providing similar services under an earlier contract, but the period of work has ended.  

Mischel Kwon & Associates "has a unique detailed understanding of FAA's security architecture, FAA's infrastructure, and current SOC operations and is therefore the only vendor that will allow for immediate commencement of work upon award, with no learning curve involved," the contracting notice states.

The president of the firm, Mischel Kwon, spearheaded the U.S. Cybersecurity Emergency Readiness Team, a Department of Homeland Security incident-response unit that investigates suspicious network activity nationwide. 

The contracting notice comes less than a year after attackers infected an FAA administrative computer network with a virus through an email. After the episode last February, agency officials said they had immediately taken steps to block and contain the virus and clean any affected computers.

The agency plans to hold an open competition for a follow-on to the FAA security operations center contract within the second quarter of fiscal 2016. 

In March of last year, auditors at the Government Accountability Office had warned mission-critical air traffic control systems are susceptible to cyberattacks because the networks are closely intertwined with non-airspace systems. 

A commercial aircraft passenger claims to have exploited this sort of interconnectivity mid-flight on multiple occasions, in one instance causing a plane to briefly move sideways. The flier, security researcher Chris Roberts, last spring told authorities he commanded a thrust management computer to climb by hacking into an inflight entertainment system, according to an FBI affidavit. 

(Image via EQRoy/Shutterstock.com)