While the Federal Aviation Administration (FAA) has taken steps to protect its air traffic control systems from cyber-based
and other threats, significant security control weaknesses remain, threatening the agency's ability to ensure the safe and
uninterrupted operation of the national airspace system (NAS). These include weaknesses in controls intended to prevent, limit,
and detect unauthorised access to computer resources, such as controls for protecting system boundaries, identifying and authenticating
users, authorising users to access systems, encrypting sensitive data, and auditing and monitoring activity on FAA's systems.
Additionally, shortcomings in boundary protection controls between less-secure systems and the operational NAS environment
increase the risk from these weaknesses. The objective of this book is to evaluate the extent to which FAA has effectively
implemented information security controls to protect its air traffic control systems. This book also identifies the cybersecurity
challenges facing FAA as it shifts to the NextGen ATC system and how FAA has begun addressing those challenges; and assesses
the extent to which FAA and its contractors, in the acquisition of NextGen programs, have followed federal guidelines for
incorporating cybersecurity controls.