Aviation Cybersecurity:Key Shortfalls with FAA/TSA Cybersecurity Collaboration

Jimmc4141 pts0 comments

Aviation Cybersecurity: FAA and TSA Are Collaborating on Cybersecurity but Need to Address Key Shortfalls | U.S. GAO

Skip to main content

GAO-26-107693

Published: Jul 16, 2026. Publicly Released: Jul 16, 2026.

Jump To:

Elder Abuse

Services for Older Adults

State and Local-Level Drivers and Trends

State and Local Fiscal Projections

Federal Borrowing

Managing the Debt

Summary of Funding Provisions

Summary of FYs 2022-2024 Funds

Status of FYs 2022-2024 Funds

Implementation of FYs 2022-2023 Projects

Previous Tracking the Funds Reports

Auditing the Government's Books

Unpacking the Financial Report

Highlights

Recommendations

Background

About This Work

About This Work

Topics

Trends

About the Center

Why It's High Risk

What Remains To Be Done

Key Reports

Newest COVID-Related Reports

AI Use Cases

Flood Insurance

Past Pandemic-Related Reports

CARES Act Oversight Reports

All COVID-19 Reports

Report Suspected Fraud

Subjects

How to Get Notified

Past Reports

Public Health Threats

Explore the FY 2022 and 2023 Funds

Status of FY22 Projects

Lessons Learned

Agency Reports

Recent Reports

Recommendations

Supplemental Material

Full Report

Additional Data

View Decision

Downloads

Previously Identified Actions

Related Pages

Associated Agencies

Tough Choices and Opportunities Ahead

Americas Fiscal Future Key Areas

Retirement Security Key Areas

Current List

About The High Risk List

Area Ratings

Previous High Risk Products

Search Federal Vacancies

Past Federal Vacancies

Violation Letters

About the Yellow Book

Related Resources

Comment Letters

Related Publications

Contacts and Resources

Types of Changes

Listing of Key Changes

Major Issues Facing the Nation

Meeting Strategic Challenges

Additional Resources

About the Green Book

Resources

Advisory Council

Mission Teams

Operations and Staff Offices

Organization Chart

Why a Career at GAO?

Am I Qualified?

Company Culture

Reasonable Accommodations

Video Gallery

Paid Internships

Student Volunteers

Professional Development Program

Advancement

Executive Candidate Program

Summer Associates

Externships

Benefits

Contacts

Priority Open Recommendation Letters

Key Resources

Major Issues

Downloadable Resources

How Could Federal Debt Affect You?

GAO Contacts

Drivers

Interest

Sustainability

What Needs to Be Done?

Technology Assessments

Science & Tech Spotlights

Artificial Intelligence (AI)-Related Reports

Performance Audits

Blogs

Multimedia

Podcasts

Videos

Career Highlights

Tribute Videos & Statements

Testimonies

Presentations

Forums & Roundtables

Fast Facts

Aircraft rely on interconnected systems onboard and on the ground to move safely from one place to another. The interconnection of these systems makes them more vulnerable to cyberattacks.

The Federal Aviation Administration (FAA) and Transportation Security Administration (TSA) collaborate on aviation cybersecurity. There can be the appearance of overlapping roles and responsibilities between them. While FAA has clearly defined roles and responsibilities, TSA does not. FAA hasn’t fully reported its cybersecurity spending or implemented its cybersecurity strategy, among other things.

Our recommendations address these and other issues.

Air traffic control tower with airplane flying nearby.

Skip to Highlights

Highlights

What GAO Found

The Federal Aviation Administration (FAA) and Transportation Security Administration (TSA) work together to ensure the cybersecurity of the interconnected systems operating in the National Airspace System (NAS). FAA defined the roles and responsibilities of the entities responsible for carrying out the agency’s related goals and objectives. In contrast, TSA did not. TSA defined its goals and objectives for prioritizing cybersecurity within the agency and in the transportation systems sector in its 2018 Cybersecurity Roadmap. However, the roadmap is outdated and no longer aligned with the latest Department of Homeland Security Cybersecurity Strategy. The roadmap also does not identify the offices responsible for implementing it or define the agency’s cybersecurity-related roles and responsibilities in overseeing airport and aircraft operator security programs. Until TSA updates its Cybersecurity Roadmap to clearly identify its aviation cybersecurity roles and responsibilities, the agency cannot fully hold relevant entities accountable or enable continuous improvements to its related efforts. Moreover, clarity in TSA’s cybersecurity roles, and in turn those of stakeholders, could help minimize the risk of covered systems being exploited.

Interconnection of Aircraft Avionics and Air Traffic Control Facilities on the Ground

Seven FAA entities are responsible for implementing the agency’s Cybersecurity Strategy. The President’s budget requests from fiscal years 2024 through 2026 included funding requests for these entities ranging from approximately $42 million to $11...

cybersecurity reports related aviation federal agency

Related Articles