Audit Reports

-A A +A

FAA Has Taken Steps To Address ERAM Outages, but Some Vulnerabilities Remain

Requested by Chair of the Senate Committee on Commerce, Science, and Transportation, and Chairs of the House Committee on Transportation, and Infrastructure and its Subcommittee
Project ID: 
What We Looked At
The Federal Aviation Administration’s (FAA) air traffic controllers use the En Route Automation Modernization (ERAM) system to manage over 3 million high-altitude en-route aircraft a month. Because of ERAM’s importance to air traffic management, system outages can significantly impact operations in the National Airspace System (NAS). Our audit objective was to assess the causes of ERAM’s outages and FAA’s actions to address them.
What We Found
While FAA has taken steps to address the seven ERAM failures since 2014, some vulnerabilities remain. These seven failures included two serious incidents that significantly disrupted the NAS. During one of these incidents, in August 2015, ERAM failed when a software tool at controller workstations overloaded system memory. The incident caused flight delays and cancellations that impacted thousands of flights over several days.
FAA has since taken corrective actions to resolve the causes of these two serious incidents and other issues that caused five less serious outages. However, other issues remain unresolved. For example, FAA has not implemented annual testing of ERAM’s contingency plan, as called for by Federal guidelines. In addition, FAA plans to decommission ERAM’s existing backup system, the Enhanced Backup Surveillance System (EBUS), due to its incompatibility with upgrades to ERAM. However, FAA has not yet determined whether ERAM’s remaining backup capability—the system’s redundant dual channel design—will be sufficient to prevent future outages once EBUS is removed. The lack of sufficient backup capabilities could increase ERAM’s vulnerability in the event of future unanticipated incidents.
We made three recommendations to improve FAA’s ability to mitigate future ERAM disruptions. FAA has concurred with one of our recommendations and partially concurred with the other two. We consider all three of our recommendations resolved but open pending completion of planned actions.




Closed on 08.31.2020
No. 1 to FAA

Develop and implement contingency plan testing to validatethe effectiveness of techniques and procedures to react to and recover from ERAM outages, with air traffic controllers' and maintenance technicians' participation.

Closed on 08.31.2020
No. 2 to FAA

Evaluate, develop, and implement training, consistent with NIST guidelines, for maintenance technicians and air traffic control staff for responding to ERAM in degraded system conditions and outages.

Closed on 04.07.2020
No. 3 to FAA

Upon completion of the safety review regarding removing ERAM's current backup system, determine what backup capability is required for ERAM and then develop and implement that capability.