On March 8th, 2023, the Transportation Security Administration (TSA) announced a new and important cybersecurity amendment to the security programs of certain TSA-regulated airports and aircraft operators in the US. This emergency action follows a similar set of measures announced in October 2022 for passenger and freight railroad carriers. The TSA is taking this action due to persistent (and growing) cybersecurity threats directed against U.S. critical infrastructure, including the aviation sector. The overall goal is to increase the cybersecurity resilience of and harden U.S. critical infrastructure with extensive collaboration with aviation partners.
In the wake of increasing cybersecurity threats, the TSA is prioritizing the importance of OT network segmentation policies and controls in the aviation sector. One of the key requirements outlined in the new amendment is the need for an OT network segmentation and controls. This is a critical step in ensuring that operational technology systems can continue to operate safely in the event that an information technology system has been compromised, and vice versa. By creating separate OT network segments for different types of systems, operators can reduce the risk of a single cyberattack taking down their entire infrastructure.
OT Network Segmentation for Critical Infrastructure
OT Network segmentation is a fundamental principle of cybersecurity and is essential for protecting critical infrastructure. Without proper OT network segmentation, a cyber attacker can easily move from one system to another, causing widespread disruption and damage. By isolating different types of systems from each other, operators can limit the impact of a cyberattack and prevent it from spreading throughout their network.
In addition to OT network segmentation, the new amendment also requires operators to implement access control measures to prevent unauthorized access to critical cyber systems. This is another critical step in securing their networks and preventing cyberattacks. By limiting access to critical systems, operators can reduce the risk of a cyber attacker gaining control of their infrastructure.
Continuous monitoring and detection policies and procedures are also essential for defending against cyber threats. Operators must be vigilant in monitoring their networks for signs of suspicious activity and responding quickly to any anomalies. This requires a combination of advanced cybersecurity tools and skilled cybersecurity personnel.
Also read: How to get started with OT security
Finally, the new amendment also emphasizes the importance of timely patching and updating of critical cyber systems. This is essential for reducing the risk of exploitation of unpatched systems, which are often targeted by cyber attackers. By prioritizing patching and updating of critical systems, operators can reduce the risk of a successful cyberattack.
These measures are essential for protecting the nation’s critical infrastructure and ensuring the safe and secure transportation of people and goods. The TSA is working closely with industry stakeholders across all transportation modes to reduce cybersecurity risks and improve cyber resilience.
This new amendment builds on previous requirements for TSA-regulated airport and aircraft operators, which included measures such as reporting significant cybersecurity incidents to the Cybersecurity and Infrastructure Security Agency (CISA), establishing a cybersecurity point of contact, developing and adopting a cybersecurity incident response plan, and completing a cybersecurity vulnerability assessment.
The TSA’s efforts to enhance the cybersecurity resilience of U.S. critical infrastructure are part of a larger national effort to secure the full benefits of a safe and secure digital ecosystem for all Americans. On March 2nd, 2023, the Biden-Harris Administration announced the National Cybersecurity Strategy to prioritize cybersecurity for all Americans.
In conclusion, here are 7 key takeaways from the TSA’s new cybersecurity amendment:
- TSA has issued a new cybersecurity amendment on an emergency basis for certain TSA-regulated airport and aircraft operators. This amendment is part of the Department of Homeland Security’s efforts to increase the cybersecurity resilience of U.S. critical infrastructure.
- The new emergency amendment requires impacted TSA-regulated entities to develop an approved implementation plan that describes measures they are taking to improve their cybersecurity resilience and prevent disruption and degradation to their infrastructure.
- TSA is prioritizing OT network segmentation, access control measures, continuous monitoring and detection policies, and timely application of security patches and updates for critical cyber systems.
- The Biden-Harris Administration announced the National Cybersecurity Strategy on March 2 to secure the full benefits of a safe and secure digital ecosystem for all Americans.
- TSA will continue to work closely with the Department of Transportation, CISA, and industry partners to strengthen the cybersecurity resilience of the nation’s critical infrastructure.
- Previous requirements for TSA-regulated airport and aircraft operators included reporting significant cybersecurity incidents to CISA, establishing a cybersecurity point of contact, developing and adopting a cybersecurity incident response plan, and completing a cybersecurity vulnerability assessment.
- TSA uses an intelligence-based approach and works closely with transportation, law enforcement, and intelligence communities to set the standard for excellence in transportation security.
By prioritizing OT network segmentation and implementing other key cybersecurity measures, TSA-regulated entities can help reduce cybersecurity risks and improve cyber resilience to support safe, secure, and efficient travel.
We are giving away threat intelligence for free for the next 2 weeks. Find out how you can sign up and try out our threat intelligence feeds
Find out what is lurking in your network. Go for a comprehensive 3-layer threat assessment now