{"id":243846,"date":"2026-07-16T12:20:00","date_gmt":"2026-07-16T16:20:00","guid":{"rendered":"https:\/\/testing.news-you-need.com\/index.php\/2026\/07\/16\/gaps-in-network-security-oversight-strategy-hamper-uss-aviation-cybersecurity-regulators\/"},"modified":"2026-07-16T12:35:08","modified_gmt":"2026-07-16T16:35:08","slug":"gaps-in-network-security-oversight-strategy-hamper-uss-aviation-cybersecurity-regulators","status":"publish","type":"post","link":"https:\/\/testing.news-you-need.com\/index.php\/2026\/07\/16\/gaps-in-network-security-oversight-strategy-hamper-uss-aviation-cybersecurity-regulators\/","title":{"rendered":"Gaps in network security, oversight strategy hamper US\u2019s aviation cybersecurity regulators"},"content":{"rendered":"<p><a href=\"https:\/\/www.cybersecuritydive.com\/news\/aviation-cybersecurity-faa-tsa-gao-report\/825416\/\">Gaps in network security, oversight strategy hamper US\u2019s aviation cybersecurity regulators<\/a><\/p>\n<p><a href=\"https:\/\/www.cybersecuritydive.com\/news\/aviation-cybersecurity-faa-tsa-gao-report\/825416\/\">https:\/\/www.cybersecuritydive.com\/news\/aviation-cybersecurity-faa-tsa-gao-report\/825416\/<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-07-16 12:20:00<\/a><\/p>\n<p>Source Domain: <a href=\"www.cybersecuritydive.com\">www.cybersecuritydive.com<\/a><\/p>\n<p>Author: <a href=\"\"><\/a><\/p>\n<p> Using an unordered list, summarize the following article with between 4 and 8 key points. <\/p>\n<p>The agencies responsible for protecting the U.S.\u2019s aviation system from devastating cyberattacks have only partially implemented a collection of important security improvements and process changes, according to a newly released audit.<br \/>\nThe Federal Aviation Administration (FAA) hasn\u2019t sufficiently modernized its network-monitoring and identity-management capabilities, while the Transportation Security Administration (TSA) hasn\u2019t defined its cybersecurity responsibilities or how it will implement them, the Government Accountability Office (GAO) said in a report released on Thursday.<\/p>\n<p>The report\u2019s findings point to lingering weaknesses in the nation\u2019s aviation security system at a time when nation-state hackers are increasingly seeking ways to destabilize American society as a means of deterring U.S. involvement in foreign conflicts.<br \/>\n\u201cCommercial flight operations rely on interconnected systems that reside onboard an aircraft and on the ground in the National Airspace System,\u201d GAO said. \u201cGiven this interconnectivity, these systems are inherently more vulnerable to exploitation and are at an increased risk of being targeted by malicious actors.\u201d<br \/>\nDisparate progress on FAA cyber strategy<br \/>\nThe FAA\u2019s 2020 Cybersecurity Strategy lays out several goals for the agency, with one of the most significant objectives being the protection of agency networks, including the systems that handle the delicate, high-stakes task of steering aircraft safely through U.S. airspace.<br \/>\nBut the FAA has only fully implemented three of the seven objectives associated with this network-protection goal: improving threat intelligence collection and dissemination; improving threat detection and mitigation capabilities; and incorporating cybersecurity research into defensive work.<br \/>\nThe agency lagged behind in four other critical areas: improving its monitoring, detection, and response capabilities; improving user access controls and user activity monitoring; aligning security controls with the National Institute of Standards and Technology\u2019s guidelines; and implementing zero-trust architecture.<br \/>\nThe FAA said it was \u201cworking to implement near real-time cyber monitoring capabilities\u201d for the 35 systems that still did not have them.<br \/>\nGAO said the FAA had failed to complete more objectives because it \u201clacked a comprehensive process to monitor and evaluate the implementation of its goals.\u201d<\/p>\n<p>\u201cTaking steps to ensure it carries out the monitoring as planned, including incorporating lessons learned from its past experiences, would help position the agency to achieve its goals for protecting its networks and systems and to effectively mitigate cybersecurity risks,\u201d analysts wrote.<br \/>\nZero-trust efforts stalled<br \/>\nSecurity experts consider zero-trust architecture a critical tool for limiting the damage that a hacker can do after breaching a network, but the FAA\u2019s zero-trust migration plan is incomplete, according to GAO. Auditors found that the plan omitted details about applying zero-trust to the FAA\u2019s research and development systems and failed to align with all of NIST\u2019s zero-trust recommendations.<br \/>\nThe FAA\u2019s plan does not include a NIST-recommended description of how the agency will identify and manage the assets that need protecting in its R&#038;D environment, according to GAO. In addition, it does not incorporate NIST\u2019s recommendation to monitor the effectiveness of the all-important zero-trust algorithm that will autonomously grant or deny access to certain computer systems.<br \/>\n\u201cWithout fully aligning its zero trust implementation plan with NIST\u2019s best practices across all operating environments,\u201d GAO said, \u201cFAA cannot ensure that it is effectively and comprehensively managing cybersecurity risks during [National Airspace System] modernization.\u201d<br \/>\nConfusion around TSA\u2019s role<br \/>\nWhile the FAA certifies aircrafts\u2019 overall safety and helps guide them through the skies, the TSA regulates airports\u2019 and airlines\u2019 cybersecurity practices, from network protection to incident reporting. But according to GAO, the TSA still hasn\u2019t specified how it will carry out those responsibilities or identified the offices and teams responsible for accomplishing its cybersecurity goals.<br \/>\nThat inaction has caused alarm within the aviation sector and led the TSA\u2019s partners to doubt its ability to accomplish its cybersecurity mission.<br \/>\n\u201cIn interviews with 11 selected aviation stakeholders, some of the stakeholders expressed concerns about the clarity of TSA\u2019s role and responsibilities for aviation cybersecurity,\u201d GAO said in its report.<br \/>\nOne airline told auditors that it believed the TSA \u201clacked the resources, authority, and expertise to properly regulate cybersecurity,\u201d while three other stakeholders said TSA regulations issued in March 2023 created confusion because the stakeholders thought the FAA was their regulator. (A 2024 law clarified that the FAA had the exclusive authority to issue cybersecurity rules for civil aircraft.)<br \/>\nThe interconnectivity between the systems that the TSA regulates and the systems that the FAA regulates \u201ccreates the appearance of overlapping roles and responsibilities among these two agencies,\u201d GAO warned. \u201cUntil TSA updates its Cybersecurity Roadmap to clearly identify its aviation cybersecurity roles and responsibilities, the agency cannot fully hold relevant entities accountable or enable continuous improvements to its related efforts.\u201d<br \/>\nRecommendations and responses<br \/>\nBased on its findings, GAO urged the TSA to update its cybersecurity plan and communicate with stakeholders about those updates. Auditors also told the FAA to make its zero-trust migration plan more comprehensive, align it with NIST recommendations and improve oversight of its overall cyber strategy implementation.<br \/>\nThe Department of Homeland Security, which oversees the TSA, agreed to implement GAO\u2019s TSA-specific recommendation and said it expected the TSA to modernize its cybersecurity plan by the end of May 2027. The Department of Transportation, which oversees the FAA, agreed to implement the report\u2019s four FAA-specific recommendations and promised to provide a status update to GAO within 180 days.<\/p>\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Gaps in network security, oversight strategy hamper US\u2019s aviation cybersecurity regulators https:\/\/www.cybersecuritydive.com\/news\/aviation-cybersecurity-faa-tsa-gao-report\/825416\/ Publish Date: 2026-07-16&#8230;<\/p>\n","protected":false},"author":1,"featured_media":243847,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/imgproxy.divecdn.com\/D5XZmIT3m071xHRi7C4g47WTwYHSPRveKxKK5ODYT60\/g:ce\/rs:fit:770:435\/Z3M6Ly9kaXZlc2l0ZS1zdG9yYWdlL2RpdmVpbWFnZS9HZXR0eUltYWdlcy0yMjQ4NjE3Njc0LmpwZw==.webp","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[24,35,29],"class_list":["post-243846","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-cybersecurity","tag-hacker","tag-network-security"],"_links":{"self":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/243846"}],"collection":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=243846"}],"version-history":[{"count":1,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/243846\/revisions"}],"predecessor-version":[{"id":243848,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/243846\/revisions\/243848"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/243847"}],"wp:attachment":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=243846"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=243846"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=243846"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}