11-20-2009 | 07:02 AM
  #16  
rickair7777
Prime Minister/Moderator
Veteran: Navy
 
Joined: Jan 2006
Posts: 44,882
Likes: 681
From: Engines Turn or People Swim

Originally Posted by tortue
I'd be more concerned with the fact that the FAA has essentially moved from having a private dedicated network with leased lines to run their infrastructure to a "shared" infrastructure that also carries the Internet. Specifically, the FAA (a sub-contractor) has reached out to service providers and has asked them to cut a "slice" of their infrastructure off to place the FAA network in. This is all done in the name of cost reduction. Building your own private network with your own gear, circuits, etc. costs a lot of money. Buying circuits to a service provider and having their gear terminate and handle the routing is a low-cost option (aka L3VPN, L2VPN).

The problem with this is that sensitive FAA data is routing through the same layer-3 equipment that transports your porn and APC rumors. Any misconfiguration (aka provisioning error) of the routers involved and you could run into a situation where perhaps Al-Jazeera's VPN that they use between offices has visibility into the FAA. That's a worst-case scenario; another scenario is that when you use shared infrastructures, attacks from the Internet could also cripple the same equipment. No matter what, Internet-related events should not be riding alongside FAA bits.

There's a lot more to be worried about, but when we start sacrificing security for cost reductions, bad things happen.
Very true, I was talking about the defense agencies...there are many other government and infrastructure organizations which are not well protected at all.