FAA Systems

The Federal Aviation Administration (FAA) has made progress in managing its Year 2000 problem and has completed critical steps in defining which systems need to be fixed and how to fix them. However, with less than 17 months to go, FAA must still correct, test, and implement many of its mission-critical systems. It is doubtful whether FAA can adequately do all of this in the time remaining. Accordingly, FAA must determine how to ensure continuity of critical operations in the likely event of some system failures. GAO also notes that FAA cannot ensure that the air traffic control systems on which it depends are sufficiently resistant to intrusion. Underlying weaknesses in FAA's management have allowed the agency's Year 2000, computer security, and other information technology problems to persist. The underlying causes of some of these long-standing problems include an incomplete systems architecture, poor software acquisition capabilities, unreliable cost information, and a problematic organizational culture. Although FAA has taken steps in response to GAO's recommendations, most of them have not been fully implemented.

GAO noted that: (1) FAA has made progress in managing its year 2000 problem and has completed critical steps in defining which systems need to be fixed and how to fix them; (2) however, with less than 17 months to go, FAA must still correct, test, and implement many of its mission-critical systems; (3) it is doubtful that FAA can adequately do all of this in the time remaining; (4) accordingly, it must determine how to ensure continuity of critical operations in the likely event of some systems' failures; (5) turning to computer security, FAA cannot provide assurance that the air traffic control systems on which it depends are sufficiently resistant to intrusion; (6) FAA's weak computer security practices were detailed in the classified version of a report GAO made available in May to key congressional committees and appropriate agency officials; (7) an unclassified version of the report is available to the public; (8) underlying weaknesses in FAA's management have allowed the agency's year 2000, computer security, and other information technology problems to persist; (9) GAO's work over the last 2 years has identified some of the root causes of, and pinpointed solutions to, these long-standing problems--including an incomplete systems architecture, weak software acquisition capabilities, unreliable cost information, and a problematic organizational culture; and (10) although FAA has initiated efforts in response to some of GAO's recommendations on these issues, most of them have not been fully implemented.