Aviation Security Cyber Attacks on Critical Now let me turn to aviation security. Since 1996, we have presented numerous reports and testimonies and reported on numerous weaknesses that we found in the commercial aviation security system. For example, we reported that airport passenger screeners do not perform well in detecting dangerous objects, and Federal Aviation Administration tests showed that as testing gets more realistic—that is, as tests more closely approximate how a terrorist might attempt to penetrate a checkpointscreener performance declines significantly. In addition, we were able to penetrate airport security ourselves by having our investigators create fake credentials from the Internet and declare themselves law enforcement officers. They were then permitted to bypass security screening and go directly to waiting passenger aircraft. In 1996, we outlined a number of steps that required immediate action, including identifying vulnerabilities in the system; developing a short-term approach to correct significant security weaknesses; and developing a long-term, comprehensive national strategy that combines new technology, procedures, and better training for security personnel. Federal critical infrastructure-protection initiatives have focused on preventing mass disruption that can occur when information systems are compromised because of computer-based attacks. Such attacks are of growing concern due to the nation's increasing reliance on interconnected computer systems that can be accessed remotely and anonymously from virtually anywhere in the world. In accordance with Presidential Decision Directive 63, issued in 1998, and other information-security requirements outlined in laws and federal guidance, an array of efforts has been undertaken to address these risks. However, progress has been slow. For example, federal agencies have taken initial steps to develop critical infrastructure plans, but independent audits continue to identify persistent, significant information security weaknesses that place virtually all major federal agencies' operations at high risk of tampering and disruption. In addition, while federal outreach efforts have raised awareness and prompted information sharing among government and private sector entities, substantive analysis of infrastructure components to identify interdependencies and related vulnerabilities has been limited. An underlying deficiency impeding progress is the lack of a national plan that fully defines the roles and responsibilities of key participants and establishes interim objectives. Accordingly, we have recommended that the Assistant to the President for National Security Affairs ensure that the government's critical infrastructure strategy clearly define specific roles and responsibilities, develop interim objectives and milestones for achieving adequate protection, and define performance measures for accountability. The administration currently is reviewing and considering 76-801 D-00--3 International Crime Public Health adjustments to the government's critical infrastructure-protection strategy that may address this deficiency. On September 20, 2001, we publicly released a report on international The spread of infectious diseases is a growing concern. Whether a disease |