In March 2023, the Transportation Security Administration (TSA) issued new cybersecurity requirements for airports and aircraft operators. The new requirements aim to improve the nation’s cybersecurity resiliency amid persistent cybersecurity threats to aviation. Similar to the other transportation industry segments, aviation has become a prime target for cyberattacks due to the critical nature of its operations and the potential impact to passenger safety, reputation of the organization, finances, and the rippling effects to the supply chain. In this blog, we will discuss the importance of cybersecurity protection for the aviation industry, the requirements of TSA’s new cybersecurity amendment, and how your organization can mitigate threats on your road to cyber and operational resilience.
Why is the Aviation Industry so Important?
The aviation segment of the transportation sector encompasses all activities related to the design, development, manufacturing, operation, and maintenance of aircraft, as well as the services associated with air travel and transportation. This mode of transportation is essential for global trade as it enables the movement of goods and materials between countries and continents in a fast and reliable manner. It is also often used for emergency response as it can quickly transport personnel, equipment, and supplies to an affected area.
The sector also acts as a catalyst for economic growth, job creations, international trade, and technological advancement. Its interconnectedness within the global supply chain has made it an integral part of modern economies. However, as air transportation systems have become increasingly including air traffic control, navigation systems, and communication systems — and increasingly connected to other areas of the global supply chain — they have become a greater target for threat actors looking to disrupt critical operations.
Cybersecurity Challenges Plaguing the Aviation Industry
Although aviation is a key driver of the global economy, in recent years, the benefits the sector has brought to society have become outpaced by cybersecurity risks. Threat actors have continuously exploited weaknesses in the cyber-physical systems (CPS) on which availability, integrity, and the safety of transportation operations and infrastructure rely on — and have monopolized on the challenges that have been plaguing the industry. Below, we will discuss some of the top challenges the aviation industry has had to content with:
1) Legacy Systems
Like many other critical infrastructure sectors, legacy devices and systems have contributed to cybersecurity challenges due to their outdated software and hardware which leaves them exposed to known vulnerabilities. They also tend to lack security updates and patches which leave them susceptible to exploits that can allow attackers to gain unauthorized access. Incompatibility with modern security protocols is also a major challenge. With unsupported security protocols, encryption standards, or authentication mechanisms, attackers can bypass security measures and gain access to critical systems.
2) Supply Chain Vulnerabilities
The aviation supply chain ecompasses various suppliers, manufacturers, service providers, and partners whose interconnected nature is crucial to the functioning of the aviation industry. If one supplier or manufacturer in the aviation supply chain experiences a cyberattack, it can cause a cascading effect throughout the supply chain. Aside from operational delays and reduction in consumer confidence, supply chain attacks can cause safety concerns with potential impacts to flight routes, ground operations, and airport capacities.
3) Ransomware Attacks
Hitting a 93% increase year over year, with a 187% increase in the transportation sector, ransomware attacks are showing no sign of slowing down. This type of attack is being reported globally on nearly a daily basis, from various critical infrastructure organizations. According to this Eurocontrol report titled, “Aviation under attack: Faced with a rising tide of cybercrime, is our industry resilient enough to cope?”, they found that aviation faces a ransomware attack every week. This manner of attack has become a huge concern as they can bring a company’s operations to a grinding halt and have potentially severe financial impacts. Not only factoring the cost of the ransom payment alone, the buybacks of data or costs required to take back control of internal systems can be astronomical.
4) Regulatory Compliance
Aligning with evolving cybersecurity standards and regulations can prove a difficult challenge for aviation organizations due to the complexities of requirements and existing operations, technologies, and practices in place. If cybersecurity compliance is not prioritized, many times due to lack of resources or budget, threat actors will find it easier to exploit aviation vulnerabilities, and execute damaging, costly cyberattacks.
Guide to TSA Cybersecurity Requirements for Aviation
Recognizing these challenges, the TSA has issued new cybersecurity requirements for airport and aircraft operators. This directive is focused on performance-based measures to boost cyber resilience of U.S. aviation operations and has required organizations to develop an implementation plan that describes the measures airport and aircraft operators are or will be taking to strengthen cybersecurity resilience and prevent operational disruption and infrastructure degradation. Providers also much proactively assess the effectiveness of these measures, which must include:
1) Develop policies and controls
Developing network segmentation policies and controls to ensure operational technology (OT) systems can continue to operate safely in the event that an information technology (IT) system has been compromised, and vice versa.
2) Security and preventive measures
Creating access control measures to secure and prevent unauthorized access to critical cyber systems.
3) Monitor and detect
Implementing continuous monitoring and detection policies and procedures to defend against, detect, and respond to cybersecurity threats and anomalies that affect critical cyber system operations.
4) Update your systems
Reducing the risk of exploitation of unpatched systems through the application of security patches and updates for operating systems, applications, drivers, and firmware on critical cyber systems in a timely manner using a risk-based methodology.
In order to fulfill TSA’s requirements, airports and airlines must ensure the above measures are applied to all directly and indirectly connected assets. These range from the standard IT assets that control ticketing, navigation, and physical security information, to the OT and building management system (BMS) equipment that supports everything from baggage handling to aircraft maintenance, to the IoT and IIoT devices that power climate control, passenger tracking, and even aircraft safety processes, among countless others. These TSA requirements are a step in the right direction in improving the nation’s cybersecurity resiliency. However, aviation organizations may struggle with where to begin. The following best practices are a key place for organizations to start on their journey to TSA compliance.
Journey to TSA Compliance
1. Gain comprehensive asset visibility
The first step to complying with TSA cybersecurity requirements is gaining complete visibility into all connected assets that underpin your critical operations. By establishing an asset inventory spanning the entire extended internet of things (XIoT), organizations can gain a single source of truth as the foundation for protecting their operations, while adhering to this TSA directive along with other cybersecurity requirements. Once established, organizations can utilize their asset inventory to determine how assets are communicating with one another on the network. This baseline of communication will allow for the proper network segmentation policies to be enforced, allowing organizations to easily fulfill the first portion of TSA requirements.
2. Implement remote access controls
Highly controlled yet frictionless remote access to critical systems is essential to operational continuity in the aviation sector. With a solution like Claroty’s Secure Remote Access, organizations can meet the TSA cybersecurity requirements for access control with respect to both onsite and remote, as well as both internal and third-party, users. The aviation industry has a complex attack surface due to the combination of proprietary protocols used by XIoT assets and the escalation of cyber threats in recent years, making continuous monitoring and detection policies and procedures difficult to achieve. At Claroty, we have deep visibility and domain expertise that enables us to continuously monitor even the most obscure environments, alert organizations to real threats, and fulfill TSA’s third security measure.
3. Exposure Management
Legacy systems and unpatched vulnerabilities are the status quo in the aviation industry. In order to address this, it is imperative to align with a CPS security vendor that has developed enterprise-wide visibility and domain expertise that can defend your unique environment against insecure protocols, common vulnerabilities and exposures (CVEs), and other security weaknesses. Claroty offers these capabilities along with customizable risk scoring to help organizations understand the risk of each vulnerability and how to prioritize their remediation efforts. These capabilities and guidance allow aviation organizations to both comply with TSA requirements and to drive cyber resilience across their critical operations and infrastructure.
As the XIoT becomes increasingly interconnected, these guidelines have become essential to improving cybersecurity resilience and preventing disruption and degradation of critical infrastructure. Although they may appear complex, Claroty has developed a comprehensive portfolio to not only help organizations comply with the TSA cybersecurity directive and other industry standards and regulations, but to support use cases across the entire aviation cybersecurity journey. These extensive aviation cybersecurity solutions allow organizations to protect the systems that underpin their most critical operations and infrastructure — and, ensure cyber and operational resilience.
