The problem with certificates and standards

From Slashdot:

“The FAA’s NextGen Air Traffic Control (ATC) modernization plan is at risk of serious security breaches, according to Brad Haines (aka RenderMan). Haines outlined his concerns during a presentation (PDF) he gave at the recent DefCon 20 hacker conference in Las Vegas, explaining that ADS-B signals are unauthenticated and unencrypted, and ‘spoofing‘ (video) or inserting a fake aircraft into the ADS-B system is easy. The FAA isn’t worried because the system has been certified and accredited.”

This is a great example of how certifications and standards can create a false sense of security.

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>