The US Transportation Security Administration (TSA) has issued new requirements for airport and aircraft operators who, they say, are facing a "persistent cybersecurity threat."
The agency's new directive compels the aviation industry to improve their defences against malicious hackers and cybercriminals, just days after Preisdent Biden announced its National Cybersecurity Strategy that seeks tighter regulations to protect the United States's critical infrastructure.
Announcing its new cybersecurity requirements, the TSA explained that airport and aircraft operators must develop a TSA-approved plan that explains what they are doing to "prevent disruption and degradation to their infrastructure."
In addition, airport and aircraft operators have been told to assess the effectiveness of these measures, which include the following actions:
- Develop network segmentation policies and controls to ensure that operational technology systems can continue to safely operate in the event that an information technology system has been compromised, and vice versa;
- Create access control measures to secure and prevent unauthorized access to critical systems;
- Implement continuous monitoring and detection policies and procedures to defend against, detect, and respond to cybersecurity threats and anomalies that affect critical system operations; and
- Reduce the risk of exploitation of unpatched systems through the application of security patches and updates for operating systems, applications, drivers and firmware on critical systems in a timely manner using a risk-based methodology.
It sounds like a lot of work, but as the TSA explains it is introducing the regulations as an "emergency action" because of what it describes as "persistent cybersecurity threats against U.S. critical infrastructure, including the aviation sector."
Similar measures were introduced for passenger and freight railroad carriers in October 2022.
“Protecting our nation’s transportation system is our highest priority, and TSA will continue to work closely with industry stakeholders across all transportation modes to reduce cybersecurity risks and improve cyber resilience to support safe, secure, and efficient travel," said TSA Administrator David Pekoske.
The aviation industry has been hit regularly by hacking attacks that have disrupted business, and sometimes left thousands of customers stranded.
For instance, Albany International Airport was hit by an attack that encrypted its files on Christmas Day 2019, that demanded a ransom be paid before a decryption key was released.
Aside from the obvious threats of ransomware and data held to ransom, cybercriminals have also launched distributed denial-of-service (DDoS) attacks against airlines and airports, leaked customers' personal information, and created fake websites to phish the unwary.
Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.