US airlines turn to Web for security

Several major airlines and the US Federal Aviation Administration (FAA) are turning to the Internet, with all of its inherent...

Several major airlines and the US Federal Aviation Administration (FAA) are turning to the Internet, with all of its inherent security vulnerabilities, to improve anti-terror information sharing and the safety of flight operations.

In the wake of last year's terrorist hijackings and the near-success of the shoe-bomb plot on an American Airlines flight on 22 December, American Airlines and others have turned to the Internet as a way to keep pilots informed of critical federal security warnings.

In recent weeks, the FAA has established a public Web site that commercial and general aviation pilots can use to download visual-range data for most of the nation's major airports. Visual-range data is used to plan alternative landing routes in the event of bad weather.

American Airlines, Delta Air Lines, United Air Lines and US Airways Group have established Web-based systems to keep pilots informed of urgent security advisories sent out by the Transportation Security Administration.

The issue was thrust into the spotlight when a government warning about the potential use of shoe explosives was sent to American on 11 December but was not forwarded to pilots before the bombing attempt 11 days later.

A spokeswoman for United Air Lines declined to provide details on the company's Web-based bulletin board system, saying only that doing so would "open the door to what we do from a security perspective and how we do it".

Larry Johnson, chief executive officer and co-founder of international business-consulting company The Business Exposure Reduction Group Associates, applauded the airlines for using the Web to "make the pilots part of the [security] solution".

"The US government has to do a better job of keeping other security professionals informed," said Johnson, former deputy director of transportation security in the State Department's Office of Counterterrorism.

However, he is less enthusiastic about the FAA putting operational data on the Internet. "Posting visual-range data on a public Internet is insane," said Johnson. "That makes the terrorist job of doing operational planning easier."

"There's always a concern with putting operational data on the Internet," acknowledged James Wetherly, research and development lead for the FAA's Traffic Flow Management Integrated Product Team. However, "with [visual range data], a lot of this information is about the environment that is often available locally", he said.

"The Web is being used for advisory purposes only, not to replace the tried-and-true method of communicating [range] data... which is voice," said Wetherly. "We take every precaution to ensure that the systems and data viewed from the outside are secure. And we have an infrastructure that provides a pretty deep moat to ensure that."

Read more on Antivirus, firewall and IDS products