The US Transportation Security Administration (TSA) has announced new cybersecurity requirements for airport and aircraft operators, which prioritises the development of network segmentation policies and controls.
These segmentation policies are aimed at enabling operational technology systems to safely run in case of a breach of an information technology system and vice versa.
TSA unveiled the amendment on an emergency basis as part of the Department of Homeland Security’s efforts to enhance cybersecurity resilience of the country’s vital infrastructure.
Under the new amendment, TSA-regulated entities will be required to develop an approved implementation plan, outlining the actions taken to boost their cybersecurity resilience and avoid infrastructure disruption.
Besides, the entities are required to evaluate the effectiveness of the actions and establish access control measures to prevent unlawful access to crucial cyber systems.
They must also implement continuous monitoring and detection policies and lower exploitation risk of unpatched systems via application of security patches and updates for operating systems.
The move is part of TSA’s efforts, which requires critical transportation sector operators to combat cybersecurity risks.
It comes in the wake of continuous cybersecurity threats hitting the country’s critical infrastructure, including the aviation industry.
TSA administrator David Pekoske said: “Protecting our nation’s transportation system is our highest priority and TSA will continue to work closely with industry stakeholders across all transportation modes to reduce cybersecurity risks and improve cyber resilience to support safe, secure and efficient travel.
“This amendment to the aviation security programmes extends similar performance-based requirements that currently apply to other transportation system critical infrastructure.”