The U.S. Federal Aviation Administration (FAA) is failing to promptly mitigate security risks involving its new Data Communications (DataComm) system, designed to upgrade communication between air traffic controllers and flight crews, a government watchdog agency says.
The Department of Transportation’s Office of Inspector General (OIG) said in a report released earlier this week that, as of May 10, the FAA had not addressed two security control vulnerabilities in its high-impact plans of action and milestones (POA&M). The plans were originally scheduled for completion in October 2017, but the completion date has been delayed.
“It is critical that FAA incorporate sufficient controls to protect against potential security threats to that [controller-pilot] communication, including an effective contingency plan to ensure a quick recovery from losses of DataComm availability,” the report said.
The OIG’s report focused on two DataComm systems — the Data Communications network Service and Tower Data Link Services, noting that contingency plans for the two are “sufficient to limit the effects of DataComm unavailability.”