The Transportation Security Administration (TSA) this week issued a new set of cybersecurity requirements for certain TSA-regulated airports, airlines, and aircraft operators.
Referred to by the TSA as an “emergency” cybersecurity amendment, the new requirements are aimed at bolstering aviation security amid “persistent cybersecurity threats against U.S. critical infrastructure, including the aviation sector,” the agency said.
Similar cybersecurity requirements were also issued for passenger and freight railroad carriers in October 2022 and are part of wide-ranging efforts by the U.S. government to increase cyber resilience across critical industries.
Under the requirements, TSA-regulated airports and aircraft operators are required to develop an “approved” implementation plan detailing measures they are taking to improve their cybersecurity and prevent attacks.
TSA Cybersecurity Requirements
The requirements also instruct TSA-regulated entities to create access “control measures” to stop critical cyber systems from being accessed by unauthorized individuals and to implement “continuous monitoring and detection policies and procedures” to help detect, prevent, and respond to cybersecurity threats and “anomalies” that impact critical cyber system operations.
Additionally, they must reduce the risk of exploitation of unpatched systems—software or systems that contain known vulnerabilities that cannot or have not been fixed—via security patches and updates for operating systems, applications, drivers, and firmware across all critical cyber systems “in a timely manner using a risk-based methodology.”
“Protecting our nation’s transportation system is our highest priority and TSA will continue to work closely with industry stakeholders across all transportation modes to reduce cybersecurity risks and improve cyber resilience to support safe, secure, and efficient travel,” said TSA Administrator David Pekoske in a statement.
“This amendment to the aviation security programs extends similar performance-based requirements that currently apply to other transportation system critical infrastructure,” Pekoske said.
Hacking Attacks on US Airports
Under the strategy, President Joe Biden vowed to make “fundamental shifts in how the United States allocates roles, responsibilities, and resources in cyberspace,” including holding countries accountable for “irresponsible behavior” and working closely with allies abroad to reinforce international cyberspace law.
The strategy also took aim at the nations of Russia, China, Iran, and North Korea, which the administration said are “aggressively using advanced cyber capabilities to pursue objectives that run counter to our interests and broadly accepted international norms.”
Several U.S. airports were targeted by pro-Russian hackers in October last year in large-scale denial-of-service attacks that saw their websites go offline for some time.
Airports targeted included Los Angeles International Airport, Hartsfield-Jackson Atlanta International Airport, Chicago O'Hare International Airport, as well as other airports in Florida, Colorado, Arizona, Kentucky, Mississippi, and Hawaii.
However, the attack did not impact airport operations.
The airline later secured the accounts and said it had seen “no evidence” to suggest that any of the hacked data had been misused.