FAA aims to build better defenses against cyber, quantum threats
The Federal Aviation Administration is gathering information from potential private-sector partners to inform the buildout of its defenses against cyber and quantum threats, according to documents published this month.
The cybersecurity-focused market survey and quantum-related request for information are targeting the systems at the core of the Department of Transportation component’s multiyear, multibillion dollar modernization initiative: the National Airspace System and Air Traffic Control.
The FAA is looking for vendors that could improve its information security and operations, such as penetration testing, vulnerability evaluations and incident response coordination among other tasks. The scope of the project also includes assessing the current NAS cybersecurity posture to identify capability gaps, test emerging tech tools and recommend improvements.
The DOT component is also planning to move its NAS, ATC and IT systems infrastructure to post-quantum cryptography, a concept centered around mitigating attacks from future quantum computers by adopting new encryption methods.
“Without quantum‑resistant, crypto‑agile security, the NAS cannot achieve the reliability, performance, or international leadership required in the decades ahead,” the FAA said in its RFI published last week. “FAA therefore views PQC not as a compliance exercise, but as a foundational enabler of modernization — one that must be embedded into every vendor solution, every system upgrade, and every step of the Brand New Air Traffic Control System.”
PQC is a nascent field but has captured attention across federal agencies. The FAA is looking for vendors that can shed some light on the process of transitioning to PQC, costs associated and operational impacts along the way.
Interested applicants can respond to the RFI up until April 10. The cybersecurity market survey closes March 18.
The fact-finding expedition comes approximately two years before the FAA’s self-imposed deadline of implementing a new ATC system by the end of 2028.
FAA Administrator Bryan Bedford detailed some of the inroads made thus far during a pair of hearings in December. At the time, the FAA was beginning to convert copper lines to fiber and deploying new digital radio and voice switches. The official also touted contracts with initial partners, such as Peraton, and teased upcoming radar partners that were later announced in January.
In an attempt to remove silos and support modernization goals, the Transportation Department initiated an overhaul of the FAA’s organizational structure in January. As part of the plans, the FAA is consolidating management of IT and other divisions under the administrator and launching two new offices.
The stakes for acing the modernization effort were reaffirmed in February as the National Transportation Safety Board placed the blame for last year’s fatal DCA crash, in part, on the FAA’s technology-related failures.
In testimony before lawmakers earlier this month, the agency’s deputy inspector general highlighted potential roadblocks.
“FAA has not released a new comprehensive plan that anticipates and addresses risks,” DOT Deputy IG Mitch Behm said, referring to the modernization initiative.
“DOT must protect the IT systems that are critical to transportation safety and reliability,” he added. “However, our reports show that the department continues to face significant exploitable vulnerabilities and has yet to address a substantial backlog of security weaknesses.”
