TSA ISSUES NEW CYBERSECURITY REQUIREMENTS FOR AIRPORTS AND AIRCRAFT OPERATORS
April 24, 2023
On March 7, 2023, TSA issued an emergency cybersecurity amendment for certain airports’ and aircraft operators’ security programs. The goal of the new requirements is to increase resilience and protect the U.S. transportation system from cybersecurity threats. The new amendment will require that affected airports and aircraft operators develop an approved implementation plan that describes the measures they are taking to improve their cybersecurity and prevent threats to their infrastructure. Specifically, this includes taking the following actions:
-
Developing network segmentation policies and controls to ensure that operational technology systems can continue to safely operate in the event that an information technology system has been compromised, and vice versa.
-
Creating access control measures to secure and prevent unauthorized access to critical cyber systems.
-
Implementing continuous monitoring and detection policies and procedures to defend against, detect, and respond to cybersecurity threats and anomalies that affect critical cyber system operations.
-
Reducing the risk of exploitation of unpatched systems through the application of security patches and updates for operating systems, applications, drivers and firmware on critical cyber systems in a timely manner using a risk-based methodology.
Issuance of the new requirements comes in response to the Biden administration’s push to strengthen cybersecurity protections and defend against threats to critical infrastructure like the U.S.’ transportation system.
If you have any questions, please contact Evelyn Sahr (esahr@eckertseamans.com 202-659-6622) or Drew Derco (dderco@eckertseamans.com 202-659-6665).
Share This Post
Authors
