WASHINGTON - The Federal Aviation Administration (FAA) is surveying industry for technologies and expertise to help strengthen cyber security across the National Airspace System (NAS), including risk assessment, penetration testing, and operational cyber defense for safety-critical aviation infrastructure.
The FAA says the growing sophistication of cyber threats from nation-state actors and malicious groups is increasing the risk to the agency’s information systems and operational networks that support safe and efficient air travel.
The FAA relies heavily on secure and resilient cyber space infrastructure to operate the NAS, which includes radar systems, air-to-ground communications, telecommunications networks, and other operational technology that support air traffic control and aviation operations.
Multi-domain interest
The market survey seeks information from companies capable of supporting cyber security testing, operational security services, and independent risk assessments for NAS systems. These systems span multiple domains within the FAA, including operational NAS infrastructure, research and development environments, and mission-support information technology systems.
According to the notice, the FAA expects the effort to include vulnerability assessments, penetration testing, and cyber security control evaluations in operational technology environments such as industrial control systems, supervisory control and data acquisition (SCADA) networks, telecommunications infrastructure, and aviation-specific systems.
The agency is also interested in capabilities to support NAS Cyber Operations activities such as threat hunting, incident response coordination, regression testing of remediation actions, and cyber response planning exercises.
Architectural insights
Contractors may be asked to evaluate cyber security architectures for NAS systems that include radar networks, telecommunications infrastructure, air-to-ground communications, and hybrid environments that combine legacy platforms with newer cloud-integrated technologies.
In addition, companies may help identify cyber security capability gaps, assess emerging threats and technologies, and recommend improvements to strengthen resilience and recovery across aviation infrastructure.
Work could take place at contractor facilities and at several FAA sites nationwide, including FAA headquarters in Washington; the Air Traffic Control System Command Center; the William J. Hughes Technical Center in Atlantic City, N.J.; the Mike Monroney Aeronautical Center in Oklahoma City; and the FAA Security Operations Center in Leesburg, Va.
Companies responding to the survey are asked to submit capability statements describing their experience supporting cyber security operations in aviation, NAS, or other safety-critical environments; familiarity with FAA cyber security orders and NAS architecture; and the ability to conduct independent risk assessments and cyber security testing at locations nationwide.
Initial responses to this project are due on 18 March 2026 at 11:30 p.m. Eastern. The FAA named Elizabeth H. Williams as the primary point of contact for this inquiry. They can be reached via email at [email protected]. More information is available at: https://sam.gov/workspace/contract/opp/348a8dd92391446183b226cbc584b108/view.