Air Traffic Control: FAA Needs a More Comprehensive Approach to Address Cybersecurity As Agency Transitions to NextGen

The Federal Aviation Administration (FAA) is responsible for overseeing the national airspace system, which comprises air-traffic control (ATC) systems, procedures, facilities, and aircraft, and the people who operate them. FAA is implementing Next Generation Air Transportation System (NextGen) to move the current radar-based ATC system to one that is based on satellite navigation and automation. It is essential that FAA ensures effective information-security controls are incorporated in the design of NextGen programs to protect them from threats. The Government Accountability Office (GAO) was asked to review FAA’s cybersecurity efforts. This report (1) identifies the cybersecurity challenges facing FAA as it shifts to the NextGen ATC system and how FAA has begun addressing those challenges, and (2) assesses the extent to which FAA and its contractors, in the acquisition of NextGen programs, have followed federal guidelines for incorporating cybersecurity controls. GAO reviewed FAA cybersecurity policies and procedures and federal guidelines, and interviewed FAA officials, aviation industry stakeholders, and 15 select cybersecurity experts based on their work and recommendations by other experts. GAO recommends that FAA: 1) assess developing a cybersecurity threat model, 2) include FAA’s Office of Safety (AVS) as a full member of the Committee, and 3) develop a plan to implement National Institute of Standards and Technology (NIST) revisions within Office of Management and Budget's (OMB’s) time frames. FAA concurred with recommendations one and three, but believes that AVS is sufficiently involved in cybersecurity. GAO maintains that AVS should be a member of the Committee.

• Record URL:
  • http://www.gao.gov/assets/670/669627.pdf
• 
• Summary URL:
  • http://www.gao.gov/assets/670/669628.pdf
• Corporate Authors:

  U.S. Government Accountability Office

  441 G Street, NW
  Washington, DC  United States  20548
• Authors:
  • Dillingham, Gerald L
  • Wilshusen, Gregory C
  • Barkakati, Nabajyoti
• Publication Date: 2015-4-14

Language

• English

Media Info

• Media Type: Digital/other
• Features: Appendices; Figures; References; Tables;
• Pagination: 56p

Subject/Index Terms

• TRT Terms: Air traffic control; Aviation safety; Computer security; National security; Recommendations; Stakeholders
• Identifier Terms: Next Generation Air Transportation System; U.S. Federal Aviation Administration
• Subject Areas: Aviation; Data and Information Technology; Security and Emergencies; I73: Traffic Control; I91: Vehicle Design and Safety;

Filing Info

• Accession Number: 01560911
• Record Type: Publication
• Report/Paper Numbers: GAO-15-370
• Files: TRIS
• Created Date: Apr 24 2015 10:24AM