The U.S. Federal Aviation Administration (FAA) has not done enough to safeguard avionics systems on commercial airplanes against cyberattacks, a U.S. government watchdog agency says.
A review of aviation cybersecurity, released late last week by the Government Accountability Office (GAO), said that the FAA “has not assessed its oversight program to determine the priority of avionics cybersecurity risks.” The agency also has failed to develop an avionics cybersecurity training program, has not provided guidance for independent cybersecurity testing and has not incorporated periodic testing into its monitoring process, the GAO report said.
“Until FAA strengthens its oversight program, based on assessed risks, it may not be able to ensure it is providing sufficient oversight to guard against evolving cybersecurity risks facing avionics systems in commercial airplanes,” the report said.
The document said that airplane avionics systems could be vulnerable to …
