The Government Accountability Office (GAO) published a report Oct. 9 that outlines needs for improvements to the way the FAA evaluates cybersecurity for commercial aircraft avionics systems. (GAO)
A new U.S. Government Accountability Office (GAO) report identifies six key recommendations for the Federal Aviation Administration’s (FAA) current regulation of cybersecurity requirements for commercial aircraft avionics systems.
The report calls on the agency to hire new staff, standardize its process for assessing the cyber resiliency of connected avionics systems and establish new methods for penetration testing of aircraft networks. Important findings and insights shared by GAO also show some software vulnerabilities and the potential disruption of aircraft network functioning under penetration testing that heavily complicates how the FAA can address the recommendations moving forward.
“Specifically, FAA has not assessed its oversight program to determine the priority of avionics cybersecurity risks, developed an avionics cybersecurity training program, issued guidance for independent cybersecurity testing, or included periodic testing as part of its monitoring process,”…
