Aviation Cybersecurity: FAA and TSA Are Collaborating on Cybersecurity but Need to Address Key Shortfalls | U.S. GAO
Skip to main content
GAO-26-107693
Published: Jul 16, 2026. Publicly Released: Jul 16, 2026.
Jump To:
Elder Abuse
Services for Older Adults
State and Local-Level Drivers and Trends
State and Local Fiscal Projections
Federal Borrowing
Managing the Debt
Summary of Funding Provisions
Summary of FYs 2022-2024 Funds
Status of FYs 2022-2024 Funds
Implementation of FYs 2022-2023 Projects
Previous Tracking the Funds Reports
Auditing the Government's Books
Unpacking the Financial Report
Highlights
Recommendations
Background
About This Work
About This Work
Topics
Trends
About the Center
Why It's High Risk
What Remains To Be Done
Key Reports
Newest COVID-Related Reports
AI Use Cases
Flood Insurance
Past Pandemic-Related Reports
CARES Act Oversight Reports
All COVID-19 Reports
Report Suspected Fraud
Subjects
How to Get Notified
Past Reports
Public Health Threats
Explore the FY 2022 and 2023 Funds
Status of FY22 Projects
Lessons Learned
Agency Reports
Recent Reports
Recommendations
Supplemental Material
Full Report
Additional Data
View Decision
Downloads
Previously Identified Actions
Related Pages
Associated Agencies
Tough Choices and Opportunities Ahead
Americas Fiscal Future Key Areas
Retirement Security Key Areas
Current List
About The High Risk List
Area Ratings
Previous High Risk Products
Search Federal Vacancies
Past Federal Vacancies
Violation Letters
About the Yellow Book
Related Resources
Comment Letters
Related Publications
Contacts and Resources
Types of Changes
Listing of Key Changes
Major Issues Facing the Nation
Meeting Strategic Challenges
Additional Resources
About the Green Book
Resources
Advisory Council
Mission Teams
Operations and Staff Offices
Organization Chart
Why a Career at GAO?
Am I Qualified?
Company Culture
Reasonable Accommodations
Video Gallery
Paid Internships
Student Volunteers
Professional Development Program
Advancement
Executive Candidate Program
Summer Associates
Externships
Benefits
Contacts
Priority Open Recommendation Letters
Key Resources
Major Issues
Downloadable Resources
How Could Federal Debt Affect You?
GAO Contacts
Drivers
Interest
Sustainability
What Needs to Be Done?
Technology Assessments
Science & Tech Spotlights
Artificial Intelligence (AI)-Related Reports
Performance Audits
Blogs
Multimedia
Podcasts
Videos
Career Highlights
Tribute Videos & Statements
Testimonies
Presentations
Forums & Roundtables
Fast Facts
Aircraft rely on interconnected systems onboard and on the ground to move safely from one place to another. The interconnection of these systems makes them more vulnerable to cyberattacks.
The Federal Aviation Administration (FAA) and Transportation Security Administration (TSA) collaborate on aviation cybersecurity. There can be the appearance of overlapping roles and responsibilities between them. While FAA has clearly defined roles and responsibilities, TSA does not. FAA hasn’t fully reported its cybersecurity spending or implemented its cybersecurity strategy, among other things.
Our recommendations address these and other issues.
Air traffic control tower with airplane flying nearby.
Skip to Highlights
Highlights
What GAO Found
The Federal Aviation Administration (FAA) and Transportation Security Administration (TSA) work together to ensure the cybersecurity of the interconnected systems operating in the National Airspace System (NAS). FAA defined the roles and responsibilities of the entities responsible for carrying out the agency’s related goals and objectives. In contrast, TSA did not. TSA defined its goals and objectives for prioritizing cybersecurity within the agency and in the transportation systems sector in its 2018 Cybersecurity Roadmap. However, the roadmap is outdated and no longer aligned with the latest Department of Homeland Security Cybersecurity Strategy. The roadmap also does not identify the offices responsible for implementing it or define the agency’s cybersecurity-related roles and responsibilities in overseeing airport and aircraft operator security programs. Until TSA updates its Cybersecurity Roadmap to clearly identify its aviation cybersecurity roles and responsibilities, the agency cannot fully hold relevant entities accountable or enable continuous improvements to its related efforts. Moreover, clarity in TSA’s cybersecurity roles, and in turn those of stakeholders, could help minimize the risk of covered systems being exploited.
Interconnection of Aircraft Avionics and Air Traffic Control Facilities on the Ground
Seven FAA entities are responsible for implementing the agency’s Cybersecurity Strategy. The President’s budget requests from fiscal years 2024 through 2026 included funding requests for these entities ranging from approximately $42 million to $11...