Since April 2019, the Department of Transportation (DOT) has implemented 8 of 16 open priority recommendations from the Government Accountability Office (GAO).
DOT is addressing aviation cybersecurity concerns by strengthening security controls and by improving its processes for testing those controls for the satellite-navigation and automation-based air traffic control system and for addressing security weaknesses.
In July 2019, GAO made two recommendations that are critical to protecting DOT from a growing number of cyber threats to systems and data. Both rest on a risk-based approach to cybersecurity: effectively identifying, prioritizing, and managing cyber risks. First, GAO recommended developing a cybersecurity risk management strategy that includes key required elements, including a statement of departmental risk tolerance and risk mitigation strategies, and a description of acceptable risk assessment methodologies. Second, GAO called for DOT to fully establish and document a process for coordination between its cybersecurity risk management and enterprise risk management functions. DOT concurred with both recommendations, and as of January 2020, estimated…