Institute for Crisis, Disaster, and Risk Management

Crisis and Emergency Management

April 2008, Volume 14 - Number 3

    

 

Perspectives...

The FAA’s Cyber Security Management Center

By Dick Templeton

 

Formerly known as C-SIRC, or Cyber Security Incident Response Center, the Federal Aviation Administration’s Cyber Security Management Center has grown from a handful of people monitoring a few network sensors to a group of more than fifty FAA employees and government contractors watching the airline regulator’s networks around the clock, as well as keeping an eye on other agencies’ networks.

 

Initially formed to respond to FAA computer security events, as implied in its original name, the Center, based in Leesburg, VA, now provides network security services for the entire Department of Transportation, of which the FAA is a part.  That shift is one step toward allowing the Center to offer its services to other federal civilian agencies on a fee-for-service basis and becoming a federal center of cyber security excellence.

 

Running the most up-to-date software, the Center’s system generates some 95,000 alerts per day. The software evaluates these alerts and issues a dozen or so Level 2 alerts each day, which are then examined by the staff at the CSMC. Of these, only about two or three a day require the attention of network administrators across the country. The systems used at the CSMC allow the security professionals there to detect intrusions into the networks they monitor, evaluate other security incidents, respond to those incidents in a timely manner, and recover from them.

 

With all of those daily alerts, it previously took as much as twelve hours to identify a problem and notify the FAA’s internal customers.  With the new software in place, this has been cut down to less than 10 minutes.

 

CSMC officials have signed memorandums of understanding to share information with several other nations, including Mexico, Canada and several European countries. A similar memorandum is under consideration with the United Kingdom.

 

A new weapon in the CSMC’s arsenal of network protection tools, not yet fully implemented, is a program that permits the detection and remediation of voice telephony intrusions.  ETM, or Enterprise Telephony Management, relies on data-gathering appliances at more than fifty FAA sites across the country, including control towers, to monitor the FAA’s voice telecommunications network.  The computers in the field relay their information to a central server in Leesburg for analysis there.  The system can determine when an intrusion on the voice network has occurred, can block harassing telephone calls, and is used to analyze usage patterns to allow for more efficient use of the FAA’s telecommunications dollars, among other tasks.

 

The FAA’s Cyber Security Incident Response Center, formerly dedicated solely to responding to network security events, has grown to be a full-fledged cyber security management center that operates and monitors the burgeoning Department of Transportation’s data and voice networks in a proactive, rather than reactive, mode.