According to reports, the agency said the Federal Aviation Administration has not developed a training program for cybersecurity or test airplane computer systems that could be vulnerable to attack. The GAO said that without improvements, “FAA may not be able to ensure sufficient oversight to guard against evolving avionics cybersecurity risks. The GAO recommends that FAA conduct a risk assessment of security of avionics systems and train inspectors to judge security of avionics systems. It said FAA should also enact guidance that includes independent testing of cybersecurity on new airplane designs. The GAO report focused on the vulnerability of systems on planes that automatically transmit data to air traffic controllers, airline maintenance crews and others on the ground. Advanced networks carry data used to track planes, tell pilots about weather ahead, and handle secure communication between pilots and people on the ground.
