February 25, 2024

US calls for better cybersecurity practices in aviation industry

The United States Transportation Security Agency (TSA) this week released a new cybersecurity amendment, on an emergency basis, to the IS programs of TSA-regulated airports and flight directors, following similar measures announced in October 2022 for passenger and freight rail carriers. This is part of the Department of Homeland Security’s efforts to increase the IS resilience of companies working with critical infrastructure in the country.

The urgent action comes in light of continuing cyber security threats against critical US infrastructure, including the aviation industry. The new amendment requires TSA-regulated organizations affected by cyber-attacks to develop an approved implementation plan that outlines the steps they will take to improve their IS resiliency and prevent infrastructure disruptions or degradation.

They should proactively evaluate the effectiveness of these measures, which include:

1) Develop network segmentation policies and controls to ensure operational technology systems continue to operate securely in the event of an attack;

2) Develop access control measures and prevent unauthorized persons from accessing critical Internet systems;

3) Implement continuous monitoring and detection policies and procedures to identify and respond to threats and anomalies affecting critical cyber system operations;

4) Reduce the risk of exploiting unpatched systems by applying security patches and updates to operating systems, applications, drivers and firmware to cyber-critical systems in a timely manner using a risk-based approach.

This is the latest in TSA’s efforts to ensure critical transportation industry operators continue to improve their ability to defend against cyber threats. In addition, CISA-regulated organizations must comply with past requirements such as reporting significant incidents to the Cybersecurity and Infrastructure Security Agency (CISA); establishing a cyber security point; developing and adopting an incident response plan; and completing a cyber security vulnerability assessment.

Federal Cybersecurity Strategy

This is not the first move by the US government in this direction. Earlier this month, the White House unveiled the National Strategic Cyber Security Plan, which will pave the way for America’s fight against cybercrime. The proposal presents five different pillars, each with specific subheadings: protection of critical infrastructure; detection and elimination of criminal activity; shaping market forces for security and resilience; investments in flexible futures; and building external partnerships in pursuit of shared goals.

These pillars include plans to develop security plans for cyber systems by partnering with the private sector and strengthening regulatory and monitoring agencies. Additionally, the plan proposes to give more power to investigative agencies and compel criminals to protect the environment and counterattack.

Finally, the letter also calls for discussion by other public institutions to develop legal frameworks for information transmitted over the country’s networks. This topic deals with holding suppliers responsible for unsafe products.

*With information from the Transportation Security Agency (TSA).