The Federal Aviation Administration acknowledged Friday that a “known virus” penetrated the agency’s administrative network in February, but it said no damage was done.
“In early February, the FAA identified a known virus on its administrative computer system that is passed through email,” FAA spokesman Lynn Lunsford told FedScoop in an email late Friday. “The agency immediately took steps to block and contain the virus and clean any affected computers. After a thorough review, the FAA did not identify any damage to agency systems.”
News of the incident came as a result of a contract award notice that mentioned “a recent cyber-attack” that forced a delay in the FAA’s requirements process for industry bids on the agency’s Cyber Security Management Center Security Operations Center support services contract.
The FAA awarded the incumbent, SRA International Inc., a so-called bridge contract that will remain in effect until Feb. 29, 2016, if necessary, the contract posting states.
“Due to a recent cyber-attack, the FAA requires additional planning time to determine the impact to the competitive procurement’s requirements,” the FAA notice states.
News of the incident comes a month after the Government Accountability Office issued a scathing report detailing significant control weaknesses in the FAA’s computer systems that potentially put the national airspace system at risk. The 18-month GAO audit ended just one month before the virus incident occurred.
“Until FAA effectively implements security controls, establishes stronger agencywide information security risk management processes, fully implements its NAS information security program, and ensures that remedial actions are addressed in a timely manner, the weaknesses GAO identified are likely to continue, placing the safe and uninterrupted operation of the nation’s air traffic control system at increased and unnecessary risk,” the GAO report stated.