The US Transportation Security Administration (TSA) has mandated that airport and aircraft operators must improve their cybersecurity resilience.
The emergency amendment was issued in response to persistent threats against the country’s aviation sector and other critical infrastructure. Operators are required to develop a plan for improving resilience and preventing infrastructure disruption and degradation, assess the effectiveness of their measures and develop network segmentation controls and policies.
In addition, the TSA has mandated that aviation organizations implement access control mechanisms to prevent unauthorized access to critical systems, create incident detection and response policies and procedures, and ensure that their systems are not left unpatched.
Existing requirements include reporting significant cybersecurity incidents, having a point of contact for security issues, completing vulnerability assessments and creating an incident response plan.
The TSA’s announcement follows a recent directive for improving the cybersecurity of railroad operations in the US and the White House’s release of its National Cybersecurity Strategy.
The TSA said that it will continue to work closely with the Department of Transportation, CISA and industry partners to enhance the cybersecurity resilience of the nation’s critical infrastructure.
