DOT OIG Will Begin Work Immediately

The Department of Transportation Office of Inspector General has initiated an audit of security controls for the FAA’s Unmanned Aircraft System Registry.

According to a memo announcing the audit, the OIG said Unmanned Aircraft Systems (UAS) continue to present one of the most significant oversight challenges for the FAA. Given the yearly growth in UAS purchases, along with their increased integration into the National Airspace System, the FAA’s oversight depends in part on maintaining accurate and complete information on all users (both general public and commercial) who operate small UAS. The FAA compiles this information in its UAS registration system, also known as the FAA DroneZone. The FAA UAS registration system contains personally identifiable information (PII), including the names and mailing addresses of all registered users. In addition, the FAA's DroneZone is used to report small UAS accidents as well. As of December 2018, there were more than 1.2 million UAS registered in the FAA’s system.

Because of the volume of sensitive data provided by the general public as well as the importance of UAS user data to FAA’s oversight, we are initiating an audit to determine whether FAA’s UAS registration system has the proper information security controls and recovery procedures in place.

Our objectives for this self-initiated audit are to (1) assess the effectiveness of the FAA’s UAS registration system security controls, including controls to protect PII, and (2) determine whether the FAA’s contingency planning limits the effects caused by the loss of DroneZone during disruptions of service.

We plan to begin work immediately and will conduct the audit at FAA Headquarters and facilities, as well as contractor sites as necessary. We will contact your audit liaison to schedule an entrance conference.

(Source: DOT OIG news release)

FMI: www.oig.dot.gov