The US Transportation and Security Administration (TSA) has issued new requirements for airport and aircraft operators who, they say, are facing a “persistent cybersecurity threat.” The agency’s new directive compels the aviation industry to improve their defences against malicious hackers and cybercriminals, just days after President Biden announced his National Cybersecurity Strategy that seeks tighter regulations to protect the United States’s critical infrastructure.

Announcing its new cybersecurity requirements, the TSA explained that airport and aircraft operators must develop a TSA-approved plan that explains what they are doing to “prevent disruption and degradation to their infrastructure.”

In addition, airport and aircraft operators have been told to assess the effectiveness of these measures, which include the following actions:

- Develop network segmentation policies and controls to ensure that operational technology systems can continue to safely operate in the event that an information technology system has been compromised, and vice versa;
- Create access control measures to secure and prevent unauthorized access to critical systems;
- Implement continuous monitoring and detection policies and procedures to defend against, detect, and respond to cybersecurity threats and anomalies that affect critical system operations; and
- Reduce the risk of exploitation of unpatched systems through the application of security patches and updates for operating systems, applications, drivers and firmware on critical systems in a timely manner using a risk-based methodology.

It sounds like a lot of work, but, as the TSA explains, it is introducing the regulations as an “emergency action” because of what it describes as “persistent cybersecurity threats against U.S. critical infrastructure, including the aviation sector.” Similar measures were introduced for passenger and freight railroad carriers in October 2022.

“Protecting our nation’s transportation system is our highest priority, and TSA will continue to work closely with industry stakeholders across all transportation modes to reduce cybersecurity risks and improve cyber resilience to support safe, secure, and efficient travel,” said TSA Administrator David Pekoske.

The aviation industry has been hit regularly by hacking attacks that have disrupted business, and sometimes left thousands of customers stranded. For instance, Albany International Airport was hit on Christmas Day 2019 by an attack that encrypted its files and demanded a ransom be paid before a decryption key was released.

Aside from the obvious threats of ransomware and data held to ransom, cybercriminals have also launched distributed denial-of-service (DDoS) attacks against airlines and airports, leaked customers’ personal information, and created fake websites to phish the unwary.

Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.