Audit Reports

-A A +A
skip-to-content

FAA Has Taken Steps To Address ERAM Outages, but Some Vulnerabilities Remain

Requested by Chair of the Senate Committee on Commerce, Science, and Transportation, and Chairs of the House Committee on Transportation, and Infrastructure and its Subcommittee
Project ID: 
AV2019004
What We Looked At
The Federal Aviation Administration’s (FAA) air traffic controllers use the En Route Automation Modernization (ERAM) system to manage over 3 million high-altitude en-route aircraft a month. Because of ERAM’s importance to air traffic management, system outages can significantly impact operations in the National Airspace System (NAS). Our audit objective was to assess the causes of ERAM’s outages and FAA’s actions to address them.
 
What We Found
While FAA has taken steps to address the seven ERAM failures since 2014, some vulnerabilities remain. These seven failures included two serious incidents that significantly disrupted the NAS. During one of these incidents, in August 2015, ERAM failed when a software tool at controller workstations overloaded system memory. The incident caused flight delays and cancellations that impacted thousands of flights over several days.
 
FAA has since taken corrective actions to resolve the causes of these two serious incidents and other issues that caused five less serious outages. However, other issues remain unresolved. For example, FAA has not implemented annual testing of ERAM’s contingency plan, as called for by Federal guidelines. In addition, FAA plans to decommission ERAM’s existing backup system, the Enhanced Backup Surveillance System (EBUS), due to its incompatibility with upgrades to ERAM. However, FAA has not yet determined whether ERAM’s remaining backup capability—the system’s redundant dual channel design—will be sufficient to prevent future outages once EBUS is removed. The lack of sufficient backup capabilities could increase ERAM’s vulnerability in the event of future unanticipated incidents.
 
Recommendations
We made three recommendations to improve FAA’s ability to mitigate future ERAM disruptions. FAA has concurred with one of our recommendations and partially concurred with the other two. We consider all three of our recommendations resolved but open pending completion of planned actions.

Recommendations

Open

Closed

No. 1 to FAA

Develop and implement contingency plan testing to validatethe effectiveness of techniques and procedures to react to and recover fromERAM outages, with air traffic controllers' and maintenance technicians'participation.

No. 2 to FAA

Evaluate, develop, and implement training, consistent with NIST guidelines, for maintenance technicians and air traffic control staff forresponding to ERAM in degraded system conditions and outages.

No. 3 to FAA

Upon completion of the safety review regarding removing ERAM's current backup system, determine what backup capability is required for ERAM and then develop and implement that capability.