The TSA announced today that they “issued a new cybersecurity amendment on an emergency basis to the security programs of certain TSA-regulated airport and aircraft operators, following similar measures announced in October 2022 for passenger and freight railroad carriers.”
In addition to requiring the development of a cybersecurity implementation plan “that describes measures they are taking to improve their cybersecurity resilience and prevent disruption and degradation to their infrastructure”. Those measures will include:
• Develop network segmentation
policies and controls to ensure that operational technology systems can
continue to safely operate in the event that an information technology system
has been compromised, and vice versa,
• Create access control measures to
secure and prevent unauthorized access to critical cyber systems,
• Implement continuous monitoring
and detection policies and procedures to defend against, detect, and respond to
cybersecurity threats and anomalies that affect critical cyber system
operations, and
• Reduce the risk of exploitation
of unpatched systems through the application of security patches and updates
for operating systems, applications, drivers and firmware on critical cyber
systems in a timely manner using a risk-based methodology.
Posts
No comments:
Post a Comment