GAO urges response on FAA security

The General Accounting Office followed up Wednesday on its recent criticisms

of the Federal Aviation Administration's computer security with a report

detailing recommendations and soliciting a response from the FAA on actions

it has taken.

The report to Transportation Secretary Rodney Slater, "FAA Computer Security:

Recommendations to Address Continuing Weaknesses," makes recommendations

based on suggestions that GAO offered in testimony Sept. 27 before the House

Science Committee.

At that time, GAO said it found that the FAA's computer security program

had "serious, pervasive problems," particularly a failure to conduct background

checks on contractor personnel working on Year 2000 rollover problems and

who were hired to conduct vulnerability testing at the FAA.

The Dec. 6 report insists that those critical weaknesses need to be addressed,

and it reminded Slater that the head of a federal agency is required to

submit a written statement on actions taken on GAO's recommendations within

60 days. The agency also is required to submit a written statement to its

House and Senate appropriators with its first request for appropriations

following the report.

The report directs Slater and FAA Administrator Jane Garvey to complete

actions including:

* Tracking when re-investigations of federal employees are due and ensuring

that they occur.

* Expediting the required background searches of contract employees.

* Performing vulnerability assessments of the critical systems that were

worked on by foreign nationals in order to assess those systems' vulnerability

to unauthorized access.

* Quickly completing assessments of air traffic control systems, addressing

any weaknesses identified during those assessments and accrediting the systems.

* Completing efforts to implement and enforce a comprehensive management/software

change control policy.

* Completing information systems security directives and implementing new

information systems security training courses.

* Assessing the effects of security breaches on all systems and developing

contingency plans for such breaches.

* Increasing efforts to establish a fully operational Computer Security

and Intrusion Response Capability that allows for prompt detection, analysis

and reporting of all computer systems security incidents.


  • Defense
    Ryan D. McCarthy being sworn in as Army Secretary Oct. 10, 2019. (Photo credit: Sgt. Dana Clarke/U.S. Army)

    Army wants to spend nearly $1B on cloud, data by 2025

    Army Secretary Ryan McCarthy said lack of funding or a potential delay in the JEDI cloud bid "strikes to the heart of our concern."

  • Congress
    Rep. Jim Langevin (D-R.I.) at the Hack the Capitol conference Sept. 20, 2018

    Jim Langevin's view from the Hill

    As chairman of of the Intelligence and Emerging Threats and Capabilities subcommittee of the House Armed Services Committe and a member of the House Homeland Security Committee, Rhode Island Democrat Jim Langevin is one of the most influential voices on cybersecurity in Congress.

Stay Connected


Sign up for our newsletter.

I agree to this site's Privacy Policy.