FAA Systems:

Serious Challenges Remain in Resolving Year 2000 and Computer Security Problems

T-AIMD-98-251: Published: Aug 6, 1998. Publicly Released: Aug 6, 1998.

Additional Materials:

Contact:

Joel C. Willemssen
(202) 512-6253
contact@gao.gov

 

Office of Public Affairs
(202) 512-4800
youngc1@gao.gov

GAO discussed the technological challenges confronting the Federal Aviation Administration (FAA), focusing on: (1) the year 2000 computing crisis; and (2) computer security.

GAO noted that: (1) FAA has made progress in managing its year 2000 problem and has completed critical steps in defining which systems need to be fixed and how to fix them; (2) however, with less than 17 months to go, FAA must still correct, test, and implement many of its mission-critical systems; (3) it is doubtful that FAA can adequately do all of this in the time remaining; (4) accordingly, it must determine how to ensure continuity of critical operations in the likely event of some systems' failures; (5) turning to computer security, FAA cannot provide assurance that the air traffic control systems on which it depends are sufficiently resistant to intrusion; (6) FAA's weak computer security practices were detailed in the classified version of a report GAO made available in May to key congressional committees and appropriate agency officials; (7) an unclassified version of the report is available to the public; (8) underlying weaknesses in FAA's management have allowed the agency's year 2000, computer security, and other information technology problems to persist; (9) GAO's work over the last 2 years has identified some of the root causes of, and pinpointed solutions to, these long-standing problems--including an incomplete systems architecture, weak software acquisition capabilities, unreliable cost information, and a problematic organizational culture; and (10) although FAA has initiated efforts in response to some of GAO's recommendations on these issues, most of them have not been fully implemented.