Tuesday, March 7, 2023

TSA Announces New Airport and Airline Cybersecurity Requirements

The TSA announced today that they “issued a new cybersecurity amendment on an emergency basis to the security programs of certain TSA-regulated airport and aircraft operators, following similar measures announced in October 2022 for passenger and freight railroad carriers.”

In addition to requiring the development of a cybersecurity implementation plan “that describes measures they are taking to improve their cybersecurity resilience and prevent disruption and degradation to their infrastructure”. Those measures will include:

• Develop network segmentation policies and controls to ensure that operational technology systems can continue to safely operate in the event that an information technology system has been compromised, and vice versa,

• Create access control measures to secure and prevent unauthorized access to critical cyber systems,

• Implement continuous monitoring and detection policies and procedures to defend against, detect, and respond to cybersecurity threats and anomalies that affect critical cyber system operations, and

• Reduce the risk of exploitation of unpatched systems through the application of security patches and updates for operating systems, applications, drivers and firmware on critical cyber systems in a timely manner using a risk-based methodology.

No comments:

/* Use this with templates/template-twocol.html */