The Federal Aviation Administration’s (FAA) air traffic control (ATC) computer system provides information to air traffic controllers and aircraft flight crews to ensure safe and expeditious movement of aircraft. Failure to adequately protect these systems, as well as the facilities that house them, could cause nationwide disruption of air traffic or even loss of life due to collisions. Since malicious attacks on computer systems are an increasing threat, it is essential that the FAA ensures the integrity and availability of ATC information, and protects it from unauthorized users. The Committee on Governmental Affairs was asked to determine (1) whether the FAA is effectively managing physical security at ATC facilities and systems security for its current operational systems, (2) whether the FAA is effectively managing systems security for future ATC modernization systems, and (3) the effectiveness of the FAA’s management structure and implementation of policy for computer security. It was concluded that the FAA is ineffective in all critical areas included in the computer security review. Recommendations include developing and executing a plan to inspect the 187 ATC facilities that have not been inspected in over 4 years and correct any weaknesses identified. Also, the FAA must assess, certify, and accredit all ATC systems as expeditiously as possible. Another recommendation is to establish an effective management structure for developing, implementing, and enforcing ATC computer security policy. 15 notes.