FAA behind on IT security reforms, IG finds

The Federal Aviation Administration has fallen short of its goals to complete security reviews of its air traffic control systems, according to a recent report by the Transportation Department's inspector general.

In the report, the IG concluded that the FAA took only limited steps to perform security reviews at all air traffic locations, despite stating last year that the agency would complete the reviews within three years.

'FAA collected system security information on only about half of the systems used to support en-route [high-altitude] air traffic systems,' the report said. 'En-route centers currently rely on approximately 30 systems to deliver safe and efficient air traffic control services. Since information was collected only on half of the systems, other critical systems, such as the system that routes critical weather and flight plan data to all en-route centers, were not reviewed.'

Nor has the agency 'analyzed the information collected, and therefore has not determined what remediation work is needed to better secure operational en-route systems,' the report added.

Moreover, oversight of FAA's IT investments needs improvement, especially considering that these projects represent more than 80 percent of Transportation's IT budget, the IG said.

'We reviewed 16 FAA major acquisitions and found that nine projects had experienced schedule delays of two to 12 years, and 11 projects had experienced cost growth of about $5.6 billion [from $8.9 billion to $14.5 billion],' the IG said.

In the nine years since Congress exempted the FAA from compliance with federal acquisition regulations, 'air traffic control modernization projects are still experiencing performance problems, along with the cost increases and schedule delays,' the IG said.

The Transportation Department, the report said, must strengthen its security management so weaknesses are fixed in a timely manner. 'Currently, the department has about 3,000 weaknesses that need to be fixed,' the report said. 'However, management could not effectively prioritize their correction because 1,620 of the weaknesses are missing information such as their severity and the cost needed to correct them.'

Transportation officials in response said they agreed with the IG's conclusions and would outline steps to be taken for improvement.


  • 2020 Government Innovation Awards
    Government Innovation Awards - https://governmentinnovationawards.com

    21 Public Sector Innovation award winners

    These projects at the federal, state and local levels show just how transformative government IT can be.

  • Federal 100 Awards
    cheering federal workers

    Nominations for the 2021 Fed 100 are now being accepted

    The deadline for submissions is Dec. 31.

Stay Connected