TSA Seeks to Implement New Cybersecurity and Compliance Guidelines

Critical infrastructure is a valuable target for cyber criminals seeking to profit, destabilize, or hold data for ransom. Because so many people rely on the services that critical infrastructure provides, bad actors know that if they can take advantage of outdated systems and controls, they can wreak havoc on the surrounding community. In response to the rise in attacks against critical infrastructure, the federal government has taken steps to implement new policies and controls to secure the nation against external and internal attackers.

In 2021, President Biden issued an executive order on “Improving the Nation’s Cybersecurity”. More recently, the Biden-Harris Administration announced its strategy to “secure the full benefits of a safe and secure digital ecosystem for all Americans”. In response to this emphasized call to secure critical infrastructure, the U.S. Transportation Security Administration (TSA) announced a “cybersecurity emergency action rule” to better secure air traffic operations.

This emergency amendment to the TSA’s cybersecurity strategy represents an effort by the Department of Homeland Security to further strengthen the security posture of the nation’s critical infrastructure.

The new rule requires TSA-regulated industries to take these four actions:

  1. Develop network segmentation policies and controls to ensure that operational technology systems can continue to safely operate in the event that an information technology system has been compromised, and vice versa;
  2. Create access control measures to secure and prevent unauthorized access to critical cyber systems;
  3. Implement continuous monitoring and detection policies and procedures to defend against, detect, and respond to cybersecurity threats and anomalies that affect critical cyber system operations; and
  4. Reduce the risk of exploitation of unpatched systems through the application of security patches and updates for operating systems, applications, drivers and firmware on critical cyber systems in a timely manner using a risk-based methodology.

The nature of cybersecurity is ever-evolving. This is why it is important for federal agencies to continue to pursue changes in how they implement security policies, controls, and practices. This new amendment represents an important step toward better securing the nation’s critical infrastructure.

CorpInfoTech (Corporate Information Technologies) provides small to mid-market organizations with expert I.T. services including compliance assessment, cybersecurity penetration tests, and comprehensive business continuity planning services. CorpInfoTech can help organizations quantify, create, refine, and mitigate the risks presented by business-threatening disasters in whatever form they may be disguised.

This website is for informational and educational purposes only. It does not render professional advice, nor is it a substitute for dedicated professional guidance from a competent and duly accredited cybersecurity professional specific to your needs and implementation. There is no endorsement of any kind for products or services listed on this website; it is entirely the reader's responsibility to conduct appropriate due diligence and due care in selecting and engaging with any product or service.
