The US Transportation Security Administration (TSA) has issued a new cybersecurity amendment on an emergency basis to the security programs of certain TSA-regulated airport and aircraft operators.
According to the TSA, this is part of the Department of Homeland Security’s efforts to increase the cybersecurity resilience of US critical infrastructure and follows extensive collaboration with aviation partners.
“Protecting our nation’s transportation system is our highest priority and TSA will continue to work closely with industry stakeholders across all transportation modes to reduce cybersecurity risks and improve cyber resilience to support safe, secure and efficient travel,” said TSA Administrator David Pekoske. “This amendment to the aviation security programs extends similar performance-based requirements that currently apply to other transportation system critical infrastructure.”
The TSA says it is taking this emergency action because of persistent cybersecurity threats against US critical infrastructure, including the aviation sector. The new emergency amendment requires that impacted TSA-regulated entities develop an approved implementation plan that describes measures they are taking to improve their cybersecurity resilience and prevent disruption and degradation to their infrastructure. They must also proactively assess the effectiveness of these measures, which include the following actions: