FAA bill's cyber provisions a good ‘first step,’ say backers

FAA bill's cyber provisions a good ‘first step,’ say backers

The long-term Federal Aviation Administration (FAA) reauthorization bill includes cybersecurity provisions that proponents say will help secure an aviation industry under siege from hackers.

Buried in the roughly 300-page offering — which the full Senate is currently debating — is a section directing the FAA to “foster a cybersecurity culture throughout the administration.”

ADVERTISEMENT

Specifically, it would require the agency to identify cyber threats and develop guidelines for responding to a digital attack. The bill would also direct the FAA to integrate cybersecurity measures “at all levels” of the air traffic control system as it moves to NextGen programs. That technology will help guide flights more efficiently but also make it easier for hackers to rapidly infiltrate the entire network.

“It’s a good first step, and we’ve got to address the question of cybersecurity,” Sen. Bill NelsonClarence (Bill) William NelsonTom Brady to Biden: '40 percent of the people still don't think we won' Rubio, Demings rake in cash as Florida Senate race heats up How transparency on UFOs can unite a deeply divided nation MORE (D-Fla.), a bill co-sponsor and ranking member of the Commerce Committee, told The Hill.

The aviation industry has become an increasingly attractive target for hackers.

In 2015 alone, digital attackers infiltrated the U.S. air traffic control system, forced airlines to ground planes and potentially stole the detailed travel records of millions of people.

The FAA has also been dinged for having “significant security control weaknesses” throughout its systems, according to a Government Accountability Office (GAO) report from March of last year.

According to the government watchdog, the flaws could allow cyber saboteurs to disrupt or reroute the nearly 3,000 U.S. flights in the air at any given moment.

The GAO also found the FAA had no overarching structure to defend its networks.

Nelson and other lawmakers have cautioned that the FAA reauthorization bill alone is not enough to get the aviation industry up to speed.

Sen. Susan CollinsSusan Margaret CollinsTransit funding, broadband holding up infrastructure deal The Hill's Morning Report - Infrastructure vote fails; partisan feud erupts over Jan. 6 panel Senate falling behind on infrastructure MORE (R-Maine), who chairs the Appropriations subcommittee that oversees the FAA, has pushed to mandate cybersecurity reporting in the aviation industry.

“There should be a requirement for immediate reporting to the federal government,” she told The Hill last fall.

Under the proposed reauthorization language, the FAA would have to submit a progress report to Congress within a year of the bill's passage.