Weaknesses Exist in FAA’s Security Controls for the Traffic Flow Management System
On June 5, 2014, the DOT OIG issued a self-initiated report on the Federal Aviation Administration’s (FAA) Traffic Flow Management System (TFMS) which provides in-flight aircraft position data to airports across the country and keeps air traffic flow safe and orderly to minimize delays. Our audit objective was to assess the effectiveness of FAA’s information security controls for TFMS. Specifically, we determined whether (1) FAA’s security controls minimize the risk of system compromise, and (2) FAA’s contingency plan limits the effect of the loss of availability of TFMS’s data.
THE DEPARTMENT HAS DETERMINED THAT THIS REPORT CONTAINS SENSITIVE SECURITY INFORMATION (SSI) that is controlled under 49 CFR parts 15 and 1520. No part of this record may be disclosed to persons without a ‘‘need to know’’, as defined in 49 CFR parts 15 and 1520, except with the written permission of the Administrator of the Transportation Security Administration or the Secretary of Transportation. Unauthorized release may result in civil penalty or other action. For U.S. Government agencies, public disclosure is governed by 5 U.S.C. 552 and 49 CFR parts 15 and 1520. If you would like a copy of this report with SSI redacted, please contact our Freedom of Information Act Office.