The federal Transportation Security Administration, which is part of the Department of Homeland Security, Tuesday issued new cybersecurity requirements for airport and aircraft operators.
“TSA is taking this emergency action because of persistent cybersecurity threats against U.S. critical infrastructure, including the aviation sector,” TSA Administrator David Pekoske said in a statement.
The TSA said this follows similar measures it announced in October 2022 for passenger and freight railroad carriers.
The agency said an emergency amendment requires TSA-regulated entities to develop a plan that describes the measures they are taking to improve their cybersecurity resilience and prevent disruption of their infrastructure.
They must also develop network segmentation policies and controls to ensure that operational technology systems can continue to operate safely if an information technology system has been compromised; create access control measures to prevent unauthorized access; implement continuous monitoring and detection policies and procedures; and reduce the risk of unpatched systems being exploited.
The TSA said in October it planned to issue new cybersecurity requirements for some key aviation systems after several U.S. airport websites were hit with apparently coordinated denial-of-service attacks.