FAA Infrastructure: Security Upfront
By Chris Preimesberger | Posted 2008-10-14
Transitioning off legacy systems is never easy, but it’s especially challenging if you are an agency of the U.S. government such as the FAA (Federal Aviation Administration). Real progress on a next-generation system is being made, but you wouldn’t necessarily know it if you read some news headlines about FAA system failures this year. Experts and former FAA employees say the flight-plan system failures are more than a nuisance to airlines and travelers; they call them a warning sign of peril.
In addition to the new Sun infrastructure, the FAA also has taken measures to tighten security from all access points.
ForeScout Technologies, a network access control and policy management provider for large enterprises, was selected to supply a number of its CounterACT network appliances under the FAA's SAVES contract with GTSI.
CounterACT was approved as an agency standard by the FAA's Technology Control Board. FAA networks throughout the United States are now using CounterACT to improve network access.
ForeScout President Gord Boyce said CounterACT combines clientless network access control and malicious threat detection to ensure that connected (and, importantly, connecting) devices are in compliance with network security policies and are free of self-propagating threats.
CounterACT seamlessly integrates into any network environment without requiring costly upgrades or infrastructure changes, Boyce said. It also enables enterprises to tailor enforcement actions to match the level of policy violations, ensuring that user disruption occurs only when it is warranted or required by the IT staff, he added.
"The FAA did a nine-month deep dive to make sure our product met their requirements," Boyce said. "The meat of their business-side deployment is just now beginning. They expect to roll us out to the rest of their network over the next nine months."
Not only will CounterACT give the FAA the security to lock down their network, Boyce said, but it also will allow "understanding as to what's on their network, and the knowledge to know what their network looks like."
CounterACT can see any device that attempts to obtain an IP address, Boyce said. "One of our biggest differentiators in the market is the fact that we are clientless. We don't need to have any prior knowledge of a device as it connects to your network," he said.
"Whether that's an IP phone, an IP printer, a contractor that you've never seen before, a managed desktop or laptop—anything that wants to get an IP address, we're going to be able to identify and interrogate it, and do some sort of a policy enforcement on it."