GAO – Government Accountability Office
Résumé: Avionics systems, which provide weather information, positioning data, and communications, are critical to the safe operation of an airplane.
FAA is responsible for overseeing the safety of commercial aviation, including avionics systems. The growing connectivity between airplanes and these systems may present increasing opportunities for cyberattacks on commercial airplanes.
GAO was asked to review the FAA’s oversight of avionics cybersecurity issues. The objectives of this review were to (1) describe key cybersecurity risks to avionics systems and their potential effects, (2) determine the extent to which FAA oversees the implementation of cybersecurity controls that address identified risks in avionics systems, and (3) assess the extent to which FAA coordinates internally and with other government and industry entities to identify and address cybersecurity risks to avionics systems.
To do so, GAO reviewed information on key cybersecurity risks to avionics systems, as reported by major industry representatives as well as key elements of an effective oversight program, and compared FAA’s process for overseeing the implementation of cybersecurity controls in avionics systems with these program elements. GAO also reviewed agency documentation and interviewed agency and industry representatives to assess FAA’s coordination efforts to address the identified risks.