Former FAA security chief: More screening needed at 'en route' air-traffic control centers
Last week, the Federal Aviation Administration announced that an air-traffic control facility located in the Chicago suburb of Aurora was fully operational after being damaged by an act of sabotage allegedly carried out by a suicidal contract employee. Late last month, the accused saboteur, identified as Brian Howard, reportedly cut cables and set fire to a basement telecommunications room at the Chicago En Route Center before trying to cut his throat.
The incident caused major disruptions to air travel around the country and forced the cancellation of thousands of flights. It also raised many questions about the security of the nation’s air travel system given how an act by just one distraught person could wreak chaos across the entire grid.
"We must focus on a robust continuity of operation in any type of event, purposeful or accidental," U.S. Sen. Mark Kirk (R-Ill.) said in a statement. "Illinois passengers and travelers at the world's busiest airport deserve better."
According to Billie Vincent, a former director of civil aviation security for the FAA who now serves as president and CEO of consulting firm Aerospace Services International (ASI), while there are a great number of control towers and Terminal Radar Approach Control facilities known as TRACONs that may control air traffic into one airport or several airports in a region, the Chicago En Route Center is one of 20 such en route centers around the country that are essentially responsible for control of the nation’s airspace, which is what made this act of sabotage so damaging.
"These are major facilities and the overriding control of everything is in these 20 centers," said Vincent. "You control (air traffic) by radar that is microwaved into your facility and digitized through computers."
All of the information from regional air-traffic control towers and TRACONs are embedded in these en route centers, but despite having multiple communications and power paths built into these facilities, Vincent says there is never "total redundancy." However, Vincent said that the FAA’s Next Generation Air Transportation System known as NextGen, which is supposed to be implemented by 2020, will be largely based on satellite data and feature greater redundancies than the agency has currently.
In years past, Vincent said communications paths into the en route centers came through one location and one cable. The FAA has since added dual path communications so they wouldn’t lose communications or access to radar systems as easily. These facilities also have uninterruptible power systems and diesel generators in the case of power outages.
"There are a lot of redundancies built into the system. The problem is when you get into the guts of the system as it exists currently - until NextGen which I understand will have redundancies on the computer systems - the limited redundancy you have now this guy destroyed because you have single points of possible failure in some systems." explained Vincent. "That is almost impossible to prevent in some large systems."
Regardless of the additional communication or power redundancies that the FAA may put in place at the en route centers following this act of sabotage, Vincent said that one of the most difficult things to protect against is an insider threat. However, Vincent believes this incident in Aurora could have been prevented.
"An insider threat is virtually impossible to prevent in some circumstances. In this particular circumstance, if you had the right security measures in place in clearing people and equipment that move within the facility, this guy could have been stopped," said Vincent. "Once you’ve vetted somebody and trust them, then the question is how far do you check them when they come into the facility?"
Although the agency has worked for years to prevent against this type of failure, Vincent said they still haven't adequately accounted for the insider threat because if they had, security measures would have been sufficient enough so that no single employee, even the head of a facility, could have entered without being adequately screened.
"You have to have a reason to have something that might be used to sabotage the system, whether it is putting a bomb on an airplane, taking a bomb into that control center or in this case, something that could sabotage the communications or computer systems," said Vincent. "You cannot afford what happened in Chicago. The old thought is, 'well, we trusted people and so on and it will never happen here.'"
In addition to enhanced screening procedures at each en route facility, Vincent said that the FAA could also consider establishing a dual entry type of system where no one is allowed access to a building alone. "If you’ve got a secure command and control facility that houses your crucial computer systems, as is the case with air-traffic control systems, you would not let a person in singly, it would always have to be dual and then, in order to get into the facility, a person and everything they have would have to be completely screened to make sure they’re not going to do what this guy did," said Vincent.