The Government Accountability Office has recommended that the Federal Aviation Administration establish a threat modeling approach to secure NextGen air traffic control data systems.GAO said in a report published Tuesday that weak security controls remain a hindrance for FAA to facilitate uninterrupted national airspace operations, despite the agency’s efforts to implement ATC cybersecurity measures.
FAA should also develop a plan to incorporate data protection controls in the transition to NextGen satellite-based aviation transportation technology and ensure the program’s timely implementation of security standards from the National Institute of Standards and Technology, GAO added.
The report noted that FAA applied six information technology and risk management safeguards found in NIST guidance to the NextGen acquisition process.
GAO also believes that FAA’s Office of Safety, which oversees aircraft interconnected technology certification, should fully collaborate with the agency’s cybersecurity steering committee to address IT security issues.
