The Federal Aviation Administration (FAA) manages our Nation’s air traffic control operations through a vast network of information systems and air traffic control facilities. Cyber-based threats from both internal and external sources are rapidly evolving and could threaten the connectivity of a complex aviation infrastructure. Furthermore, FAA’s current modernization efforts rely on integrated information systems, distribution of information, and satellite-based technologies, and as a result, may put the air-traffic control system at risk for compromise.
The Chairmen and Ranking Members of the House Committee on Transportation and Infrastructure and the Subcommittee on Aviation requested an assessment of FAA’s progress in addressing key components of section 2111, which requires the agency to enhance the cybersecurity of the National Airspace System by, among other things, establishing a comprehensive and strategic framework to reduce cybersecurity risks, and developing a cybersecurity threat model. Our audit objective is to assess FAA’s progress in meeting these requirements.