A new Government Accountability Office (GAO) report has found that the Federal Aviation Administration (FAA) needs to strengthen its oversight of cybersecurity in aircraft and avionics systems.
GAO said in the report released Friday that although “extensive cybersecurity controls” are in place, the FAA needs to consider the emerging threat landscape and increasing connections between airplanes and various systems.
The watchdog noted that the FAA has not fully implemented best practices for executing a “risk-based cybersecurity oversight program” and must identify priority avionics cybersecurity risks.
The FAA must also develop a cybersecurity training program for avionics technology and issue guidance for third-party cybersecurity testing, the report states. GAO added that the FAA must create a “tracking mechanism” to monitor progress in fortifying cybersecurity posture.
“Until FAA establishes a tracking mechanism for cybersecurity issues, it may be unable to ensure that all issues are appropriately addressed and resolved,” according to GAO. “Further, until it conducts an avionics cybersecurity risk assessment, it will not be able to effectively prioritize and dedicate resources to ensure that avionics cybersecurity risks are addressed in its oversight program.”
