The FAA has taken some steps in recent months to help address the security weaknesses in its systems. The agency has not developed a cybersecurity threat model, the GAO says. FAA also has created a Cyber Security Steering Committee, but the committee is not part of that committee. The GAO recommends fixing that issue, in addition to the other changes in the report. The FAA may not be allocating resources properly to guard against the most significant cybersecurity threats, the report says, it says.
Source: https://threatpost.com/report-recommends-series-of-cybersecurity-changes-at-faa/112282/