FAA air-traffic systems lack cyberprotections, GAO finds

Air-traffic control systems operated by the Federal Aviation Administration contain significant cybersecurity weaknesses and are vulnerable to attack, according to a recent report from the Government Accountability Office.

In the report, GAO concluded that the agency has not completely implemented information security programs that protect its systems from cyberattack.

'FAA has made progress in implementing information security for its air traffic control systems by establishing an agencywide information security program and addressing many of its previously identified security weaknesses; however, it still has significant weaknesses that threaten the integrity, confidentiality and availability of its systems'including weaknesses in controls that are designed to prevent, limit and detect access to those systems,' the report said.

FAA officials admit the weaknesses exist, but contend that because parts of their systems are custom-built with older equipment, special-purpose operating systems and proprietary communication interfaces, chances for unauthorized access are limited, according to the report.

'Nevertheless, the proprietary features of these systems do not protect them from attack by disgruntled current or former employees who understand these features, or from more sophisticated hackers,' the report added.

GAO recommended that the agency address the following weaknesses: outdated security plans, inadequate security awareness training, inadequate system testing and evaluation programs, limited security incident-detection capabilities and shortcomings in providing service continuity for disruptions in operations.

In response, FAA officials said they will consider the recommendations, but also stated that the report is not indicative of the agency's security systems.

Meanwhile, Rep. Tom Davis (R-Va.), who chairs the House Government Reform Committee that asked for the report, said FAA must address the recommendations. 'Given the ever-evolving nature of cyberthreats and the thought of someone with malicious intent accessing FAA's IT systems, complacency is not an option,' he said.


  • senior center (vuqarali/Shutterstock.com)

    Bmore Responsive: Home-grown emergency response coordination

    Working with the local Code for America brigade, Baltimore’s Health Department built a new contact management system that saves hundreds of hours when checking in on senior care centers during emergencies.

  • man checking phone in the dark (Maridav/Shutterstock.com)

    AI-based ‘listening’ helps VA monitor vets’ mental health

    To better monitor veterans’ mental health, especially during the pandemic, the Department of Veterans Affairs is relying on data and artificial intelligence-based analytics.

Stay Connected