Critical Infrastructure Regulations
Cybersecurity for Airports and Aircraft Operators
Implementing TSA’s New Aviation Cybersecurity Requirements
In March 2023, the Transportation Security Administration (TSA) issued new cybersecurity requirements for TSA-regulated airport and aircraft operators. Tenable makes it easy to comply with these requirements, while maintaining the security and productivity of your systems.
Request a DemoHow Tenable Can Help
TSA rules require airport and aircraft operators to develop an approved implementation plan that describes measures they are taking to improve their cybersecurity resilience and prevent disruption and degradation to their operational technology (OT) and IT infrastructure. The rules also require organizations to proactively assess the effectiveness of these measures.
This is only a partial list of TSA requirements. For the complete list, please see here.
Regulation / Recommendation
Implement network segmentation policies and controls to ensure the operational technology system can continue to safely operate in the event an information technology (IT) system has been compromised.
How We Help
Segmenting a network limits how far an attack can spread by limiting access privileges; however, segmentation also limits device visibility. Tenable discovers how devices communicate and which protocols they leverage, providing a contextual asset inventory that is critical for securing your OT environment. Additionally, you can identify high-risk IT assets an attacker would target and then prioritize actions to mitigate risk.
Regulation / Recommendation
Implement continuous monitoring and detection policies and procedures to detect cybersecurity threats and connect anomalies that affect operations.
How We Help
Tenable leverages multiple detection methodologies to alert on threats coming from external and internal sources. It identifies controller configuration changes, even if a human or malware makes changes directly on a device. Tenable monitors for unauthorized changes and alerts critical stakeholders, including extended information for a comprehensive audit trail, resulting in faster incident response and forensic investigations.
Regulation / Recommendation
Reduce the risk of exploitation of unpatched systems through the application of security patches and updates for operating systems, applications, drivers and firmware on critical cyber systems in a timely manner using a risk-based methodology.
How We Help
Tenable offers complete visibility, security and compliance, enabling airports and aircraft operators to mitigate risk.
Tenable uses CVSS scores as a standardized view of vulnerabilities across your environment. In addition, Tenable’s Vulnerability Prioritization Rating (VPR) helps practitioners identify the high-risk systems and vulnerabilities to focus on, making the best use of your security team’s time during a maintenance window.
Available Government Funding for the Aviation Sector
Airports and traffic control towers can now take advantage of new funding programs from the Federal Aviation Administration (FAA). To qualify, applicants “must demonstrate … effort to consider and address physical and cyber security risks relevant to the transportation mode and type and scale of the project (FY 2023 Notice of Funding Opportunity for the Airport Terminal Program).”
Among some of the available funding programs are:
Airport Infrastructure Grants: A formula-based grant program that provides $15 billion in airport infrastructure funding over five years (fiscal years 2022-2026).
Federal Contract Tower Program: A competitive grant program that provides about $20 million in grant funding annually for five years (fiscal years 2022-2026) for air traffic control tower projects.
Airport Terminal Program: A competitive grant program that provides about $1 billion in grant funding annually for five years (fiscal years 2022-2026) for airport terminal projects.
Airport Improvement Program: More than $3.18 billion annually in entitlement and competitive grants for more than 3,300 eligible airports.
The regulation and government funding information provided on this web page is dynamic and subject to change. We recommend referring to https://www.tsa.gov for the most up-to-date information.