Friday, 1 May 2015

GAO: Comprehensive Cybersecurity Approach Needed for NextGen Transition

The FAA faces cybersecurity challenges protecting air-traffic control information systems, protecting aircraft avionics used to operate and guide aircraft, and clarifying cybersecurity roles and responsibilities among multiple FAA offices, and it needs a more comprehensive approach to cybersecurity as it transitions to the NextGen transportation system, GAO has said.

The agency will continue to be challenged in protecting ATC systems because it has not developed a cybersecurity threat model, according to GAO-15-370.

It said that while the FAA has taken some steps toward developing such a model, it has no plans to produce one and has not assessed the funding or time that would be needed to do so.

The FAA has begun to clarify cybersecurity roles and responsibilities among multiple FAA offices, such as creating a Cyber Security Steering Committee to oversee information security, but GAO recommended that the Office of Safety – AVS, be made a full committee member instead of included only on an ad hoc basis.

GAO also said the Surveillance and Broadcast Services Subsystem – which enables satellite guidance of aircraft and is currently deployed in parts of the nation – needs to adopt all April 2013 changes to NIST security controls, such as intrusion detection improvements.

The FAA generally agreed with the recommendations but maintains AVS is sufficiently involved in cybersecurity.

Source: http://ift.tt/1Q7TKiN



from cyber security caucus http://ift.tt/1I3bieH
via IFTTT

No comments:

Post a Comment