The US Transportation Security Administration (TSA) said on Tuesday that airport and aircraft operators will be required to improve their cybersecurity resilience. The agency said the new requirements, issued through an emergency amendment, come in response to the persistent threats against the country’s aviation sector and other critical infrastructure.
Under the new requirements, airport and aircraft operators are required to develop a plan for improving their resilience and preventing infrastructure disruption and degradation. This includes network segmentation controls and policies, access control mechanisms, incident detection and response policies and procedures, and ensuring that their systems are not left unpatched. The TSA also requires that significant cybersecurity incidents be reported to the Cybersecurity and Infrastructure Security Agency (CISA) and that a point of contact for security-related issues be designated.
The new requirements come just months after the TSA issued a directive for improving the cybersecurity of railroad operations and just days after the White House released its National Cybersecurity Strategy. The TSA said it will continue to work closely with the Department of Transportation, CISA and industry partners to strengthen the cybersecurity resilience of the nation’s critical infrastructure.
The strengthening of cybersecurity resilience in the aviation and transportation sector is a critical step in protecting the United States from cyber threats. The TSA’s new requirements help to ensure that airport and aircraft operators have the necessary protections in place to defend against potential cyberattacks.
Key Points:
- The US Transportation Security Administration (TSA) announced new requirements for airport and aircraft operators to improve their cybersecurity resilience.
- These requirements include developing a plan for improving resilience, network segmentation controls and policies, access control mechanisms, and incident detection and response policies and procedures.
- Significant cybersecurity incidents must be reported to the Cybersecurity and Infrastructure Security Agency (CISA) and a point of contact for security-related issues must be designated.
- The new requirements come just months after the TSA issued a directive for improving the cybersecurity of railroad operations and just days after the White House released its National Cybersecurity Strategy.
- The strengthening of cybersecurity resilience in the aviation and transportation sector is a critical step in protecting the United States from cyber threats.
