FAA seeks industry insight on air traffic cyber security

July 15, 2024
The increasing sophistication of cyber adversaries requires deep institutional knowledge of critical infrastructure to ensure the mission space's resiliency.

WASHINGTON - The Federal Aviation Administration (FAA) announced that the agency is conducting a market survey to ensure the cyber security of the nation's air traffic and airspace.

The FAA's National Airspace System (NAS) Security and Enterprise Operations (NASEO) are tasked with minimizing the impact of - and recovery from - cyber security programs for Air Traffic Organization (ATO).

The FAA runs a multi-faceted cybersecurity program to protect the NAS per Federal Information Security Management Act (FISMA). The ATO Cybersecurity Group (ACG), a line of business under NAS NASEO within the ATO, is the lead organization for governing, implementing, and managing cybersecurity controls for NAS.

Related: Navy picks Green Expert for cyber security in integrated bridge control systems aboard surface warships

the ATO Cybersecurity Strategic Plan has been developed to ensure that critical infrastructure remains secure and resilient. This plan aims to maintain the functionality of essential services under various cyber conditions, adapt NAS cybersecurity capabilities to evolving threats, and enable rapid recovery from disruptions.

The increasing sophistication of cyber adversaries requires deep institutional knowledge of critical infrastructure to ensure the mission space's resiliency. The ATO Cybersecurity Group (ACG) manages ATO cybersecurity, integrating functions into NAS and ATO operations. ACG's responsibilities include providing an enterprise-wide view of cybersecurity risk, securing NAS and ATO-operated systems through authorization, continuous monitoring, and ensuring compliance. The foundation of ATO cybersecurity is understanding and managing risk to protect and enable operational missions.

The FAA anticipates that the requirements will encompass several areas. Program Control and Governance will cover program management, cybersecurity policy management, privacy, data calls, audits, and authorization management, including System Security Officers (SSOs), Cyber Security Assessment and Management (CSAM), and related memos.

Related: Avcon Industries obtains FAA STC for its dual camera ports on Cessna 208s

Enterprise Architecture, Design, and Solutions will include enterprise and system architecture, cyber supply chain risk management, cybersecurity strategic planning and analysis, future technology and capability insertion, and operating environment definitions.

Cybersecurity Engineering will focus on cyber engineering requirements development, system domain subject matter experts, the Risk Management Framework, software development, and enterprise solutions development.

Integration, Outreach, and Planning will involve training, workforce development, cybersecurity outreach and communication, cybersecurity tabletops, and operation risk management.

Responses to this survey must be returned to Elizabeth H. Williams, who can be emailed at [email protected], by 5 p.m. EDT on 17 July 2024. More information, including submission guidelines, for this survey, can be found at https://sam.gov/opp/79ef1ef95e214063b30059a363a4f860/view

Voice your opinion!

To join the conversation, and become an exclusive member of Military Aerospace, create an account today!