Skip to content

TSA tells US aviation industry to boost its cybersecurity

As the US Transportation and Security Administration (TSA) reveals, the aviation industry is facing a “persistent cybersecurity threat” and has been issued new requirements to improve their defences against malicious hackers and cybercriminals. This follows the Biden administration’s announcement of its National Cybersecurity Strategy, which seeks tighter regulations to protect the United States’s critical infrastructure.

The TSA’s new directive requires airport and aircraft operators to develop a TSA-approved plan to prevent disruption and degradation to their infrastructure. This plan should include network segmentation policies and controls, access control measures, and continuous monitoring and detection policies and procedures. Furthermore, operators have been asked to reduce the risk of exploitation of unpatched systems through the application of security patches and updates in a timely manner.

The aviation industry has experienced a number of cyberattacks in recent years, from ransomware to DDoS attacks. In December 2019, Albany International Airport was hit by an attack that encrypted its files and demanded a ransom be paid before a decryption key was released. Similarly, other attacks have caused disruption for passengers, leaked personal information and created fake websites for phishing.

It is clear that the aviation industry must take proactive steps to protect itself from malicious cyberattacks. The TSA’s new requirements are an “emergency action” to reduce the risk of threats and keep passengers safe.

Key Points:
• The US Transportation and Security Administration (TSA) has issued new requirements for airport and aircraft operators to improve their defences against malicious hackers and cybercriminals.
• Operators must develop a TSA-approved plan, including network segmentation policies and controls, access control measures and continuous monitoring and detection policies and procedures.
• The aviation industry has experienced various types of cyberattacks, from ransomware to DDoS attacks.
• The TSA’s new requirements are an “emergency action” to reduce the risk of threats and keep passengers safe.

Leave a Reply

Your email address will not be published. Required fields are marked *