The U.S. Department of Transportation’s Office of Inspector General (IG) issued a self-initiated report on Dec. 19, 2012, about the FAA’s en route automation modernization (Eram) program’s (flight) information security controls. Unfortunately, the IG did not make the report public online due to security requirements to protect the information crews might care about.
Eram, which focuses primarily on high-altitude air traffic, will replace the 30-year-old en route Host computer and backup system, as well as more than 800 controller workstations at FAA Air Route Traffic Control Centers across the country.
As background to the most recent report, the IG said in September 2012 that weaknesses in the program confirmed it still involves critical risks for the FAA. The objective of the audit was to determine the effectiveness of Eram’s information security controls, including whether or not the FAA is identifying security risks and properly mitigating them. It was during the drafting of the current audit that the DoT determined it contained information that was too sensitive to make public in the traditional way and can be found only through a Freedom of Information Act request.