The U.S. Department of Transportation (DOT) is planning to conduct a cybersecurity audit of the FAA’s “high-impact systems,” the agency announced yesterday. It will begin the audit later this month.
This audit comes after an August 2021 order to reorganize the FAA’s systems as low, moderate, and high-impact. The DOT characterized high-impact systems as those that, “in the event of system failure, would have adverse impact to FAA’s mission and on the safety and efficiency of the National Airspace System (NAS).”
“Implementing high-security controls, such as penetration testing or supply-chain protection, is vital to securing the NAS and mitigating cybersecurity risks. If FAA does not perform comprehensive testing of its systems’ security and defenses or check for flaws in the supply-chain software of its high-impact systems, the FAA could be at increased risk for successful cyberattacks,” according to the DOT.