Panic!
Posted by Paul Cox on May 18th, 2009
One thing that we see in the FAA is overreaction and panic. FAA “leaders” let things go for too long, then suddenly it becomes a big problem and they’ve got to panic and “fix” it.
Another thing that we see is other people in the FAA using panic and hype as an excuse to implement their own little agendas. A perfect example would be Bruce Johnson, Mr Off-the-rack-JC-Penney-sportscoat himself (ever seen the guy?), using the contract negotiations impasse as an excuse to jam through the dress code.
(The dress code was so important to Johnson that he urged managers to go ahead and delay flights, if they had to, in order to get controllers to wear Bruce-approved outfits. Granny’s late to JFK? Screw it, there’s a guy wearing sneakers at New York Tracon that needs to be taught a lesson!)
More recently, we’re seeing a similar move by the FAA. Check out this PDF file.
This memo, from the FAA to NATCA President Pat Forrey, has a number of really laughable assertions and statements in it. I’ll go ahead and quote it here:
“Efforts are underway to identify and disconnect all uncertified and unauthorized Internet Access Points (IAPs) and unregistered Wireless Access Points (WAPs), and to remove all non-FAA owned computers from Agency-owned or controlled sites.
As a result of site surveys, FAA discovered the existence of unauthorized IAPs, unregistered WAPs, and non-FAA-owned computers at FAA-owned or controlled sites. Additionally, on February 1, 2009, FAA experienced unauthorized access and potential loss of employee personally identifiable information stored on Agency networks. The existence of unauthorized IAPs, unregistered WAPs, and non-FAA computers conflicts with existing FAA Orders (1370.83 and 1370.84), which establish policy to comply with Federal statutes and regulations, including National Institute of Standards and Technology ISS publications made mandatory by the Federal Information Systems Manangement Act (FISMA). Specifically, FAA Order 1370.83, Internet Access Points (February 8, 2001) requires all IAPs to be certified and authorized to operate. FAA Order 1370.84, Internet Services (March 4, 2002) requires the registration of all wireless Internet services. The existence of unauthorized IAPs, unregistered WAPs, and non-FAA computers also creates security risks to the FAA telecommunications infrastructure, which could result in denial of service attacks, transmission interception, and unauthorized access to personal information.”
Oh boy, oh boy. The letter then goes on to say that the FAA is pulling the plug on the IAPs, WAPs, and non-FAA computers, which they say is their right under security measures.
First and foremost, the inclusion of the February data breach in this letter is pathetic. It’s being used as the excuse to get rid of non-authorized computers. The main computers they’re going after are NATCA-owned machines. You see, in countless FAA facilities, the NATCA local has a small office, and it usually contains a computer or three. Those computers are almost always hooked up to the internet- but almost NEVER are they using FAA resources (like phone lines or networking connections) to do so.
For example, several enroute facilities I’ve heard from have a few computers in the NATCA office. They usually have broadband internet via a cable modem, or a DSL line. Their internet connection is physically separate and distinct from the FAA’s computers and networks. Other locals have a computer and they get their internet over a regular telephone line and modems; again, they’re physically separate from FAA networks.
In fact, several years ago NATCA made moves nationally to ensure that their computers were kept separate from the FAA’s computers. Why? Because the FAA’s computers were continually getting infected with viruses and trojan horses and worms! NATCA took steps to further the split some years back when they set up their internal bulletin board system (BBS) so that it would not accept connections from FAA-network machines.
For the FAA to use the data breach as an excuse for this memo is utterly pathetic. The attack came from the internet and NOT through any unauthorized computers or WAPs; it came into the FAA’s own network. Frankly, NATCA has more to fear from the FAA’s network and computers than the other way around, and it’s been proven by the FAA’s inability to prevent theft of data and intrustions into their own network.
This has been borne out by a recently released DOT IG study.
From a news story:
Meanwhile, according to an audit by the US Department of Transportation, the ATC systems continue to be in great danger of security breaches because of their connections to unprotected Web applications run by the aviation authorities across the country.
Here’s another quote:
WASHINGTON — Civilian air-traffic computer networks have been penetrated multiple times in recent years, including an attack that partially shut down air-traffic data systems in Alaska, according to a government report.
The report, which was released by the Transportation Department’s inspector general Wednesday, warned that the Federal Aviation Administration’s modernization efforts are introducing new vulnerabilities that could increase the risk of cyberattacks on air-traffic control systems. The FAA is slated to spend approximately $20 billion to upgrade its air-traffic control system over the next 15 years.
Like I said, NATCA and individual FAA employees have more to fear with their own computers from the FAA than the other way around.
But there’s more. The agency’s letter asserts that IAPs/WAPs and non-FAA computers on FAA grounds constitutes a security risk… but that’s nonsensical. Let’s say that an employee at an FAA facility brings their personal laptop in to do some work on their break. If that computer isn’t hooked up to the FAA’s network, there’s no danger to the FAA; yeah, maybe some hacker will try to break into the computer somehow over the internet, but the reality is that it doesn’t matter to the FAA! It’s not hooked up to the FAA’s network!
What’s more, this memo ignores reality. Today, a vast percentage of the cellphones being sold are “smart” phones. Things like iPhones or Blackberries are basically little computers with wireless internet access built right in. Are each one of those an unauthorized computer on FAA grounds? Does the agency really expect anyone to believe that they’re going to enforce a “no cell phones on the grounds” rule? Not even in someone’s car, or if it’s turned off?
Of course not.
What about the various credit unions that have offices on FAA facility property? Are they going to have to get rid of their computers? Shut off any networking they have? What about the cash registers in cafeterias, if they’re computers, they’ve got to go, right?
This is lunacy. The FAA knows perfectly well that in today’s modern world, they can’t possibly control all of the various cellphones, netbooks, laptops, and so forth that people own. They also know that to force every vendor, contractor, and employee that’s doing legitimate FAA work on non-FAA-owned machines to get rid of their computers is ludicrous.
Instead, there are some FAA managerial types who are using this as an excuse to try and get all those troublesome NATCA computers forced off-site. They’re using the panic over information technology security as an excuse.
They should be ashamed.
Here’s what they SHOULD do. They should say “any/all non-FAA computers that are NOT hooked up in any way to FAA networks are approved so long as the users identify those computers and their networking access methods to FAA IT personnel.” Boom, problem solved. The union local gets a computer and uses a cable modem to get onto the Internet? No problem, they just have the IT person take a look at it, verify that it’s not hooked up to any FAA systems, and there’s no problem and no risk to FAA computers.
How hard is that? How difficult is it to actually WORK with your employees and trust them to help you do the right thing?
Pretty hard if you’re the FAA. Rather than using common sense and friendliness, they use threats and power and intimidation. Is it any wonder the agency’s employees hate the FAA’s upper level leaders so much?
May 18th, 2009 at 3:46 am
The incompetence of FAA management is stunning.
May 18th, 2009 at 4:23 am
“Is it any wonder the agency’s employees hate the FAA’s upper level leaders so much?”
No.
I do question your use of the word “leaders” in that line. I haven’t seen a leader in an FAA management position in a long time.
May 18th, 2009 at 5:46 am
Senator Schumer and Congressman Oberstar have called for a major house cleaning of the FAA. Bruce Johnson would be a good place to start.
May 18th, 2009 at 5:48 am
So using your idea Paul and taking it a step further I would have to get all my conversations approved from IT as they are a form of wireless network. I can see it now……IT can’t approve the village drum because it cannot be proven to be a secure network. Hackers brought “unapproved” drums and started playing off the beat.
Or how about the sign at the gate……
“It is a federal offense to bring electronic devices onto this premises”. Yeah baby……go gettum FAA.
No pacemakers…….hearing aids………psychics…….bummer there goes my idea for getting rid of the crappy radios.
May 18th, 2009 at 7:48 am
The Congress should establish a bi-partisan panel of about 5 people to do the house cleaning. The panel could make recommendations to new Administrator Babbit. One of the five panel members should be Barry Krasner.
O.K., how many FAA people can actually be “fired?” We all know that a FAA career federal employee can’t be fired due to a political sea change. You can move them, but not fire them. So look for a few major moves at the top. That could do it however. That’s coming, I think. A new Administrator and a new head of Air Traffic. Right now that’s Hank Krakowski. Look for replacments of the big Johnson, the Duche and of course the lovely doughnut queen Ventris, and a few others. Who replaces them is key. If the right folks are put in, the rest will fall in place. Then let’s actually fire all the contractors at Wash., D.C. headquarters. Could that be done? I think so.
May 18th, 2009 at 8:24 am
As much as the locals use the Internet for Union business only two words come to mind…
Union Animus.
Nuff said!
May 18th, 2009 at 8:30 am
If you look at the author of the memo and did some research, you would discover that he was part of the FAA labor relations team that forced the IWR…
May 18th, 2009 at 9:42 am
While this and real abuses of NATCA members continue Pat and the NEB say to just hold on a little longer. Why, when the FAA gets Babbitt and we get back to the Green Book and LaHood orders a cleaning out of the waste at the top, blah, blah, blah. They do what they want, when they want and NATCA hasn’t and can’t stop the splitting of facilities, employee decertification, lost medicals, more FLM’s, more management, more beauracrats in Washington, an HR that abuses its employees, Lavey. NATCA has allowed itself to get way to close to the fire without fighting back (how many thousands of undocumented abuses, grievences, have been forgotten) and now NATCA is getting burned. They are laying the last blows against a weakened fow to finish it off. Privitization is next and it will happen. The old controllers will retire and rehire, the newbies will start over and the folks in the middle will get the shaft just like FSS did. You heard it here first!
May 18th, 2009 at 10:33 am
The FAA is trying to eliminate our ability while on break at work to access non FAA computers. In my opinion this is to stymie our ability to communicate with each other, disseminate information in this very important time. It’s another shot from the Union busters! Explain to me you mental midgets, how a wireless access not connected to the FAA hardline can compromise security? I have to throw the BS flag on this one. My 10 year old granddaughter knows more than these morons.
Angry Fokker
May 18th, 2009 at 3:00 pm
Does NATCA have the ability at THIS TIME to ask Sec. LaHood to place a moratorium on changes the FAA is attempting or until the ADMIN is sworn in and can look into this and after a contract is ratified?
Wait, we’d have to build a few more bridges to accomplish that and since Lahood is running NATCA Communication now, I think I already now the answer, never mind, I’m just tired.
May 18th, 2009 at 8:54 pm
This is payback, plain and simple.
NATCA and controllers have ridiculed and publicized the FAA’s recent computer security breaches (which as mentioned have nothing whatsoever to do with the computers they now wish to disconnect).
But using the rationale of addressing “security” concerns, the FAA can now get payback for that negative publicity by essentially banning all personal notebook computers, NATCA computers as well as any network capable cellphone (which is almost all of them these days).
It’s simply about angering and frustrating the controller workforce some more, and as long as FAA management still thinks they have the power to make and enforce these punitive policies, they will.
Where is that change we’ve all been hearing about?…
May 19th, 2009 at 5:40 am
In my opinion, this is much ado about nothing. It’s not going to happen. If you think they are going to outlaw cell phones if they are in your locker or you access them on break, your in a conspiritor theorist world. Sometimes, this stuff we delve into takes on a life of it’s own. It just ain’t gonna happen… move on people there’s nothing to see here.
May 19th, 2009 at 6:22 am
In the style of “cointelpro” pipebombs.
May 19th, 2009 at 6:42 am
That line “non-FAA computers also creates security risks” is ridiculous. How can a computer create a security risk if they’re not connected to the network?
I never connect my laptop to the network. I use it stand-alone, and I use it productively. I have digital versions of the 7110.65, all of my airspace, my LOAs, my SOPs, etc. on there. Of course I watch a DVD or whatever on it occasionally. But my point is, some of us aren’t just using them to play solitaire or watch YouTube.
This is a ridiculous order.
May 19th, 2009 at 6:50 am
Has anybody seen Bob Marks? Has he retired yet? Is he still flying? Learning any new skills? We want the Markster for Ruth’s assistant. She’ll need a good bootlicker like Bob.
May 19th, 2009 at 8:31 am
The whiner is keeping a low profile after it was discovered he was pimping the workforce for $$ while he protected his airplane and other toys. So far he’s threatened to sue NATCA, brought us into a nasty lawsuit, and is acting like he’s entitled to reimbursement from dues paying members for his legal costs. He has played the NATCA workforce by taliking about the problems this has caused his family- like it isn’t a result of HIS acts. Not only is the postman a weak-stick as a controller he is also a POS.
May 19th, 2009 at 9:23 am
Go back to FAAMA.
May 19th, 2009 at 10:07 am
To Burger Flipper and the Clown,
BEB has asked before that you post according to the subject. Your jabs against a fellow Union supporter are not welcome. You should instead try to educate yourself in the total story instead of picking and choosing. Mr. Marks deserves our support, Mr. Marks needs our support. I put my name to this to show that I’m not afraid why don’t you put your name up or are you afraid to expose yourself the fool?
____________________________________________________________________________________________
Now for the topic of the post……this is the typic knee-jerk response of the FAA. They had the breach in Feb. ’09 and now they need someone to blame and the box to check that they are doing something. Since the breach took place in Turkey and outside their reach they are now coming for the controller’s pesky computers. Yep that will show the bosses that we are doing something. In all the breaches that have taken place not one has traced back to a government building or an employee’s private computer so why is it they are trageting those computers? Is it because they don’t know how to stop the breaches and this is the only way to show that they are doing something?
Unbelievable……instead of getting the personnel and equipment in to stop the breaches their answer is to take away others computers.
May 19th, 2009 at 2:43 pm
Gloria,
Thank you. Most days I skip the comments because of people like burger flipper and clown. Although BEB’s posts speak for themselves, your comments are right on target and appreciated.
May 19th, 2009 at 6:41 pm
Hey, I used to work with Mr. Johnson for the couple of years he spent as a controller. If you wanted to find him, just look for a slow sector. He was one of several ATC no-shows we sent on up the line back in the 70s and 80s.
May 24th, 2009 at 7:21 am
Bruce Johnson is responsible for the current “Taxi Into Position And Hold” debacle seen at too many towers. These are facilities that do not have adaquate qualified staffing to run LC without combining other positions. The Gospel according to Johnson: Combine LC and no TIPH… Because a few towers have some high-profile deals EVERYBODY gets punished…ESPECIALLY the users. In the heat of this summer, as John Q. User is sweating in line to depart in his flib when the temp and humidity are both about the same, the Local Controller will eventually get Johnny airborne safely and orderly, but not too expeditiously. Why? LC can’t hit the holes. LC’s hands are tied. No TIPH. Hurry Up & W-A-I-T here at The FAA… Don’t expect anyone without terminal experience to understand this, aye Bruce? Tower controllers do. The users do. You do not. One broad, band-aid fix (oh yeah, recommended by a COMMITTEE!) and your ass is covered, disaster is averted, and all is well. Peter Principle!
May 24th, 2009 at 6:43 pm
I think the TIPH and full taxi instructions are great. We are forced to slow it all down. Career longevity. TIPH is too phonetically cumbersome and readbacks take forever when the students try 2 or 3 times bumbling it. Its built in flow control. Also our facility is heavy on using landlines for runway crossings when its busy. Thats right when its busy. Nothing more enjoyable than someone chiming in your in ear every few minutes when we are busy! Now what we need is no opposite direction taxiing on same taxiway at same time! Yeah! Best Practices Rules!