Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Caute_cautim
Community Champion
‎03-15-2023 07:43 PM
‎03-15-2023 07:43 PM

TSA announce Cybersecurity requirements for airport and aircraft operators

Hi All

 

This one affects all airport and aircraft operations worldwide:

 

The Transportation Security Administration (TSA) announced a new set of cybersecurity requirements this week for airport and aircraft operators. The initiative constitutes "an emergency action," the TSA explained in an urgent press release "because of persistent cybersecurity threats against US critical infrastructure, including the aviation sector."

 

https://www.darkreading.com/ics-ot/tsa-issues-urgent-directive-aviation-cyber-resilient

 

Regards

 

Caute_Cautim

 

 

Regards

 

 

Reply
1 Reply
JoePete
Advocate I
‎03-16-2023 09:27 AM
‎03-16-2023 09:27 AM

@Caute_cautim wrote:

The Transportation Security Administration (TSA) announced a new set of cybersecurity requirements this week for airport and aircraft operators.

 

The requirements don't seem overly stringent. Where I usually start with"cyber infrastructure"  is asking the question "Is it necessary?" This is an evaluation that government and quasi-government agencies often struggle with. Do you need all this data? Do you need all these systems?  Must they be online?

 

For example, my wife just bought a new car that the dealer was excited to show her it could be started with just an app on her phone.  Why are we placing motor vehicles on the Internet? To broaden this back out to the TSA, how about we start with reducing the attackable footprint? Stop believing you can secure every node of the technology. That is the fundamental flaw when we start looking at infrastructure. The problem is not one of security; it's design and procurement. By the time, we, the security professionals, enter the picture, it's too late. The best we can do is triage. We figured it out with a pandemic - counter the risk with social distancing. How about we start practicing "cyber distancing?"  Reduce the footprint. Then we might have a better chance.

Reply