TSA Issues Urgent Directive to Make Aviation More Cyber Resilient

Published: 23/11/2024   Category: security




Will stricter cybersecurity requirements make flying safer? The TSA says yes, and sees it as a time-sensitive imperative.



The Transportation Security Administration (TSA) announced a new set of cybersecurity requirements this week for airport and aircraft operators. The initiative constitutes an emergency action, the TSA explained in a press release, urgent because of persistent cybersecurity threats against US critical infrastructure, including the aviation sector.
This announcement comes hot on the heels of the White House's National Cybersecurity Strategy, published March 2. It's all part of a broader government effort to increase cyber resilience across critical industries.
Back in July, for example, the TSA issued near word-for-word similar requirements for the rail industry. As Robert Carter Langston, press secretary for the TSA, tells Dark Reading: "This amendment to the aviation security programs extends similar cybersecurity performance-based requirements that currently apply to other transportation system critical infrastructure."
"It's good that the TSA is codifying these requirements," says Mike Parkin, senior technical engineer at Vulcan Cyber, though it remains to be seen how it will affect airline passengers.
This isn't TSA's first set of cyber rules of the road for airport and airline operators. In years prior, the TSA instituted requirements for operators to report significant cyber breaches to the Cybersecurity and Infrastructure Security Agency (CISA), establish cybersecurity points of contact, develop incident response plans, and complete vulnerability assessments.
The new set of rules states that TSA-regulated organizations must develop and assess an approved implementation plan that describes measures they are taking to improve their cybersecurity resilience and prevent disruption and degradation to their infrastructure, the agency wrote. TSA described four primary measures:
Develop network segmentation policies and controls to ensure that operational technology systems can continue to safely operate in the event that an information technology system has been compromised, and vice versa;
Create access control measures to secure and prevent unauthorized access to critical cyber systems;
Implement continuous monitoring and detection policies and procedures to defend against, detect, and respond to cybersecurity threats and anomalies that affect critical cyber system operations; and
Reduce the risk of exploitation of unpatched systems through the application of security patches and updates for operating systems, applications, drivers, and firmware on critical cyber systems in a timely manner using a risk-based methodology.
Tom Kellermann, senior vice president of cyber strategy at Contrast Security, noted that the guidelines are timely, and that TSA's emergency designation could be well warranted.
"I think it is wise of the TSA to require airport and aircraft operators to improve their cybersecurity resilience as attacks and geopolitical tension have continued to escalate over the years," he said in an emailed statement. "Airports and aircraft operators have also been caught in the cross hairs of Russian and Iranian cyber crews. This is why the aviation industry needs to protect all digital controls because they can and will be hacked. I truly believe that the cyber 9/11 is coming, which is why operators must invest in proactive cybersecurity measures."
Whether these new guidelines will make any real, material difference in airline security remains to be seen, but researchers welcomed them nonetheless.
On one hand, the details of exactly what will be considered sufficient security, from airports and airlines, and how compliance will be enforced, are still hazy. According to Langston, the details of how each organization will implement these measures will be coordinated directly with TSA's stakeholders.
Even if airlines and airports do take heed, though, will the effects be significant? "TSA's initiative does fall in line with, and reinforces, the new National Cybersecurity Strategy document, and makes sense from multiple angles," Parkin says, but neither network segmentation nor access control, monitoring, or patching are particularly groundbreaking ideas.
As Parkin points out, "None of these requirements aren't already considered industry best practice[s] and things the airport authorities and airline operators shouldn't be doing already."
Kellermann, however, noted that some advanced tools fall under the broad umbrella of TSA's broader language in the requirements. Those include micro-segmentation of networks, managed detection and response services (MDR), runtime application self-protection (RASP), and multifactor authentication (MFA) to protect against future intrusions, he noted. "They should also consider moving to secure cloud environments that deploy serverless application security. If we have learned anything from ongoing attacks, it is that cybersecurity is a functionality of conducting business, not an expense, and that TSA cannot protect operators from growing ephemeral threats."
