Last year, the U.S. government announced an emergency Transportation Security Administration (TSA) amendment, requiring TSA-regulated entities to enhance their cybersecurity resilience. This directive, following the National Cybersecurity Strategy, mandates airports to develop an approved implementation plan outlining the steps they are taking to enhance cybersecurity resilience, prevent disruptions and optimize their infrastructure. Crucially, the plan must include proactive assessments of the effectiveness of these measures.
In my opinion, this is a first step forward for organizations unfamiliar with cybersecurity best practices. This is because the government’s mandated approach streamlines cyber recommendations into four fundamental steps, making it more manageable compared to addressing hundreds of recommendations. Although the TSA directive is a great foundational framework for starting a cybersecurity program, it is important to recognize it is only a minimal federal requirement. In other words, this directive should only be a starting point for your organization, not the end goal.
And even though the TSA cybersecurity requirement for airports and airport operators is not a new development, it is always a good practice to review your critical systems to make sure they are properly protected. To understand more, let’s review the TSA directive and how you can go above and beyond its minimal requirements to ensure a cybersecure future for your organization.
The new emergency amendment requires that affected TSA-regulated entities develop an approved implementation plan that describes measures airports are taking to improve their cybersecurity resilience and prevent disruption and degradation to their infrastructure. Airports must also proactively assess the effectiveness of these measures, which include the following actions:
Implementing network segmentation policies is essential for safeguarding operational technology (OT) systems, even in the event of an information technology (IT) system compromise.
Streamlining compliance with this step requires adhering to industry best practices for network segmentation in both existing and new installations. At Eaton, we align our practices with the National Institute of Standards and Technology (NIST) cybersecurity framework.
An important first step in this process is to determine which networks require segmentation policies and controls. To do this, you must perform an assessment that identifies your most critical assets that simply must not fail. For example, loss of internet connectivity may be a minor issue whereas a failure in fire suppression systems or air traffic control could be a major problem.
To protect these critical assets, networks should be segmented and additional protections such as firewalls should be implemented. In terms of codes and standards, we recommend that all connected devices be third-party tested and UL certified for secure network integration.
Creating access control measures is essential to secure and prevent unauthorized access to critical cyber systems. At Eaton, we recommend assessing systems to identify potential gaps in access controls to critical systems and developing plans to remediate these gaps through cybersecurity improvements. This can include implementing improved user credentials, deploying role-based access controls, applying the least privilege principle and enabling secure remote access.
It's important to identify critical systems and focus on access controls at the device level. Role-based authentication is crucial, ensuring individuals have the necessary access for their roles. For example, a manager may have more privileges than a gate agent, and a security manager may have more privileges than a shift manager. It's about defining roles and determining the access needed to fulfill them using secure usernames and passwords rather than default or easily guessable combinations.
Implementing continuous monitoring and detection policies and procedures is crucial to defend against, detect and respond to cybersecurity threats and anomalies that affect critical cyber system operations. At Eaton, we recommend the use of monitoring and threat detection solutions specifically developed for OT environments.
There are various technologies available for continuous monitoring, and they typically focus on four key areas:
Remediation can also be a service provided by experts who can assist with installing and managing devices, interpreting vulnerabilities to better prioritize remediation efforts and deploying fixes such as uploading new firmware or replacing obsolete equipment. Having skilled experts in place can ensure monitoring tools are accurately interpreted and appropriate actions are taken to mitigate cybersecurity threats in OT environments.
Reducing the risk of unpatched systems is crucial for the security of critical cyber systems. This involves applying security patches and updates for operating systems, applications, drivers and firmware in a timely manner using a risk-based methodology.
At Eaton, we recommend leveraging asset inventory and vulnerability management tools to provide complete system visibility, minimize threats and ensure devices are secure throughout their entire lifecycle. This level of monitoring can also help identify systems that are not patched and deploy patches as needed.
Additionally, I believe it's essential to have a proactive approach to patch management. When a system is identified as being outdated or unpatched (especially if critical to operations), it should be patched promptly or a compensating control should be deployed along with a plan to patch it as soon as possible. This approach helps to minimize the window of vulnerability and reduce the risk of exploitation.
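As an added illustration of the risk-based patching approach described above (example code written for this page, not Eaton's tooling), the script below ranks a constructed asset inventory by criticality, time unpatched, segmentation from the IT network and presence of a compensating control; the asset names, tiers and weights are assumptions.

```python
from dataclasses import dataclass

# Constructed sample inventory; names, tiers and weights are illustrative assumptions.
@dataclass
class Asset:
    name: str
    criticality: int           # 1 = must not fail (e.g. fire suppression), 3 = minor (e.g. guest Wi-Fi)
    unpatched_days: int        # days a fix has been available but not applied
    segmented_from_it: bool    # True if segmentation isolates it from the IT network
    compensating_control: str = ""  # e.g. a firewall rule blocking the vulnerable service

def risk_score(a: Asset) -> int:
    """Higher score = patch first. Weights are illustrative, not from any standard."""
    score = (4 - a.criticality) * 10         # tier 1 -> 30, tier 2 -> 20, tier 3 -> 10
    score += min(a.unpatched_days, 90) // 10  # the window of vulnerability grows over time
    if not a.segmented_from_it:
        score += 15                           # reachable from IT: an IT compromise can pivot to it
    if a.compensating_control:
        score -= 10                           # a control narrows, but does not close, the window
    return score

def patch_plan(inventory):
    """Return (name, score, action) tuples, most urgent first."""
    plan = []
    for a in sorted(inventory, key=risk_score, reverse=True):
        if a.criticality == 1 and not a.compensating_control:
            action = "patch immediately"
        elif a.compensating_control:
            action = "compensating control in place; schedule patch"
        else:
            action = "patch in next maintenance window"
        plan.append((a.name, risk_score(a), action))
    return plan

# Constructed inventory for demonstration only.
INVENTORY = [
    Asset("fire-suppression-controller", 1, 40, False),
    Asset("baggage-plc", 1, 40, True, "firewall blocks vendor remote-access port"),
    Asset("gate-display-server", 2, 120, False),
    Asset("guest-wifi-ap", 3, 5, True),
]

if __name__ == "__main__":
    for name, score, action in patch_plan(INVENTORY):
        print(f"{score:3d}  {name:28s} {action}")
```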
Transportation and aviation are considered critical infrastructure, and ensuring their ongoing cybersecurity resilience is paramount. The TSA directives outline essential measures that should be implemented to enhance cybersecurity, but it is important to recognize that the mandated process will only help you develop a baseline for cybersecurity. Additional measures are required to strengthen cybersecurity over the lifecycle of your facility.
I believe it helps to view organizational cybersecurity as an ongoing journey, not a destination. The TSA requirements are important because they underline the importance of continuously reviewing and modifying cybersecurity plans. However, much like preventive maintenance for electrical equipment, cybersecurity is only as effective as its continued application. Conducting annual cybersecurity assessments, prioritizing findings and remediating the most impactful issues are key steps to ensuring cybersecurity resilience over the long term.
Achieving lifecycle cybersecurity resilience should not be a complex or impossible task. And with the right partners, it is entirely feasible. If you don’t know where to start, our team of certified Eaton experts is prepared to help you develop and implement a plan to strengthen cyber resilience throughout your operation so you can proactively respond to cybersecurity threats and minimize interruptions to your operations.