Listen
to
this
post
On
March
7,
2023,
the
Transportation
Security
Administration
(“TSA”)
announced
the
issuance
on
an
emergency
basis
of
a
cybersecurity
amendment
to
the
security
programs
of
certain
TSA-regulated
airport
and
aircraft
operators,
as
part
of
the
U.S.
Department
of
Homeland
Security’s
initiatives
to
improve
the
cybersecurity
of
U.S.
critical
infrastructure.
The
amendment
requires
impacted
TSA-regulated
entities
to
develop
an
approved
implementation
plan
that
describes
the
measures
the
entities
are
taking
to
improve
their
cybersecurity
resilience
and
prevent
potential
disruptions
or
degradations
to
their
infrastructure.
These
TSA-regulated
entities
must
also
proactively
assess
the
effectiveness
of
these
measures
by:
-
Developing
network
segmentation
policies
and
controls
to
ensure
that
operational
technology
systems
can
continue
to
safely
operate
in
the
event
that
an
information
technology
system
has
been
compromised,
and
vice
versa; -
Creating
access
control
measures
to
secure
and
prevent
unauthorized
access
to
critical
cyber
systems; -
Implementing
continuous
monitoring
and
detection
policies
and
procedures
to
defend
against,
detect
and
respond
to
cybersecurity
threats
and
anomalies
that
affect
critical
cyber
system
operations;
and -
Reducing
the
risk
of
exploitation
of
unpatched
systems
through
the
application
of
security
patches
and
updates
for
operating
systems,
applications,
drivers
and
firmware
on
critical
cyber
systems
in
a
timely
manner
using
a
risk-based
methodology.
The
amendment
follows
the
March
2,
2023
announcement
of
the
White
House’s
National
Cybersecurity
Strategy
and
an
October
2022
TSA
directive
to
improve
cybersecurity
for
passenger
and
freight
railroad
carriers.