TSA tells US aviation industry to boost its cybersecurity

The
US
Transportation
and
Security
Administration
(TSA)
has
issued
new
requirements
for
airport
and
aircraft
operators
who,
they
say,
are
facing
a
“persistent
cybersecurity
threat.”

The
agency’s

new
directive
compels
the
aviation
industry
to
improve
their
defences
against
malicious
hackers
and
cybercriminals,
just
days
after
Preisdent
Biden
announced
its

National
Cybersecurity
Strategy
that
seeks
tighter
regulations
to
protect
the
United
States’s

critical
infrastructure.

Announcing
its
new
cybersecurity
requirements,
the
TSA
explained
that
airport
and
aircraft
operators
must
develop
a
TSA-approved
plan
that
explains
what
they
are
doing
to
“prevent
disruption
and
degradation
to
their
infrastructure.”

In
addition,
airport
and
aircraft
operators
have
been
told
to
assess
the
effectiveness
of
these
measures,
which
include
the
following
actions:

1. Develop
   network
   segmentation
   policies
   and
   controls
   to
   ensure
   that
   operational
   technology
   systems
   can
   continue
   to
   safely
   operate
   in
   the
   event
   that
   an
   information
   technology
   system
   has
   been
   compromised,
   and
   vice
   versa;
2. Create
   access
   control
   measures
   to
   secure
   and
   prevent
   unauthorized
   access
   to
   critical
   systems;
3. Implement
   continuous
   monitoring
   and
   detection
   policies
   and
   procedures
   to
   defend
   against,
   detect,
   and
   respond
   to
   cybersecurity
   threats
   and
   anomalies
   that
   affect
   critical
   system
   operations;
   and
4. Reduce
   the
   risk
   of
   exploitation
   of
   unpatched
   systems
   through
   the
   application
   of
   security
   patches
   and
   updates
   for
   operating
   systems,
   applications,
   drivers
   and
   firmware
   on
   critical
   systems
   in
   a
   timely
   manner
   using
   a
   risk-based
   methodology.

It
sounds
like
a
lot
of
work,
but
as
the
TSA
explains
it
is
introducing
the
regulations
as
an
“emergency
action”
because
of
what
it
describes
as
“persistent
cybersecurity
threats
against
U.S.
critical
infrastructure,
including
the
aviation
sector.”

Similar
measures
were
introduced
for
passenger
and
freight
railroad
carriers
in
October
2022.

“Protecting
our
nation’s
transportation
system
is
our
highest
priority,
and
TSA
will
continue
to
work
closely
with
industry
stakeholders
across
all
transportation
modes
to
reduce
cybersecurity
risks
and
improve
cyber
resilience
to
support
safe,
secure,
and
efficient
travel,”
said
TSA
Administrator
David
Pekoske.

The
aviation
industry
has
been
hit
regularly
by
hacking
attacks
that
have
disrupted
business,
and
sometimes

left
thousands
of
customers
stranded.

For
instance,
Albany
International
Airport
was

hit
by
an
attack
that
encrypted
its
files
on
Christmas
Day
2019,
that
demanded
a
ransom
be
paid
before
a
decryption
key
was
released.

Aside
from
the
obvious
threats
of
ransomware
and
data
held
to
ransom,
cybercriminals
have
also
launched
distributed
denial-of-service
(DDoS)
attacks
against
airlines
and
airports,
leaked
customers’
personal
information,
and
created
fake
websites
to
phish
the
unwary.

Editor’s
Note: The
opinions
expressed
in
this
guest
author
article
are
solely
those
of
the
contributor,
and
do
not
necessarily
reflect
those
of
Tripwire,
Inc.

About Author

AndyC

Andy Curtis is an award-winning security consultant, researcher and public speaker. He has been working in the computer security industry since the early 1990s, having been employed by state and federal government, leading healthcare and banking providers across three continents. He has given talks about computer security for some of the world’s largest companies, worked with law enforcement agencies on investigations into hacking groups, and is a regular voice on TV and radio explaining IT security threats.

See author's posts