The FAA's ATC en route automation modernization (ERAM) system lacks adequate security controls to prevent or respond to system crashes, according to a DOT IG report. Currently, the agency is involved in a multi-year process of enhancing ERAM to manage and control high-altitude operations, including datalink communication.
The National Institute of Standards and Technology, an agency of the Commerce Department, identified more than 70 security controls that might be required to transition ERAM from its current status as a mid-impact system to a high-impact system.
“While we recognize that ERAM’s reliability has improved and outages are rare, history has shown that when ERAM outages do occur, they can have a significant impact on NAS operations with cascading effects,” the report said. “Therefore, we recommended, and FAA concurred, that it develop an action plan with schedule milestones for completing the assessment, test, and mitigation of the security requirements.”
The DOT IG considers its recommendation resolved but open “pending FAA’s completion of its planned action.” The FAA agreed to implement the recommendation by December 31.