A closer look at TSA’s new cybersecurity requirements for aviation

2023-03-23 05:30

The Transportation Security Administration recently issued new cybersecurity requirements for the aviation industry, which follows last year's announcement for railroad operators.

In the aviation industry, operational technology systems are used to control a variety of critical processes, such as air traffic control, aircraft maintenance, and flight operations.

The second requirement TSA outlines is to "Create access control measures to secure and prevent unauthorized access to critical cyber systems." Access control is a fundamental security practice that regulates who is allowed to access specific resources, such as data, applications, systems, or physical locations that any organization within critical infrastructure should have in place.

The aviation industry's investment in zero trust network access solutions would allow operators to secure cloud, remote, and on-prem access to their critical cyber systems and operations.

This TSA requirement will help aviation organizations identify and assess potential security risks and vulnerabilities in their IT infrastructure, including those associated with OT systems, and identify and respond quickly should a breach or attack occur.

TSA's cybersecurity requirements for the aviation industry are a necessary step in improving the nation's cybersecurity resiliency, especially with digital connectivity bridging the digital and physical worlds.

News URL

https://www.helpnetsecurity.com/2023/03/23/aviation-industry-cybersecurity-requirements/

#aviation #cybersecurity #TSA