November 7, 2018
Requested by Chair of the Senate Committee on Commerce, Science, and Transportation, and Chairs of the House Committee on Transportation, and Infrastructure and its Subcommittee
FAA Has Taken Steps To Address ERAM Outages, but Some Vulnerabilities Remain
What We Looked At
The Federal Aviation Administration’s (FAA) air traffic controllers use the En Route Automation Modernization (ERAM) system to manage over 3 million high-altitude en-route aircraft a month. Because of ERAM’s importance to air traffic management, system outages can significantly impact operations in the National Airspace System (NAS). Our audit objective was to assess the causes of ERAM’s outages and FAA’s actions to address them.
What We Found
While FAA has taken steps to address the seven ERAM failures since 2014, some vulnerabilities remain. These seven failures included two serious incidents that significantly disrupted the NAS. During one of these incidents, in August 2015, ERAM failed when a software tool at controller workstations overloaded system memory. The incident caused flight delays and cancellations that impacted thousands of flights over several days.
FAA has since taken corrective actions to resolve the causes of these two serious incidents and other issues that caused five less serious outages. However, other issues remain unresolved. For example, FAA has not implemented annual testing of ERAM’s contingency plan, as called for by Federal guidelines. In addition, FAA plans to decommission ERAM’s existing backup system, the Enhanced Backup Surveillance System (EBUS), due to its incompatibility with upgrades to ERAM. However, FAA has not yet determined whether ERAM’s remaining backup capability—the system’s redundant dual channel design—will be sufficient to prevent future outages once EBUS is removed. The lack of sufficient backup capabilities could increase ERAM’s vulnerability in the event of future unanticipated incidents.
We made three recommendations to improve FAA’s ability to mitigate future ERAM disruptions. FAA has concurred with one of our recommendations and partially concurred with the other two. We consider all three of our recommendations resolved but open pending completion of planned actions.