Aviation is the latest U.S. transportation subsector to be issued new cybersecurity requirements from the Transportation Security Administration (TSA). Released as an emergency directive on March 7, 2023, the requirements — which apply to all TSA-regulated airports and aircraft operators — focus on performance-based measures to boost the cyber resilience of U.S. aviation. TSA cites “persistent cybersecurity threats against U.S. critical infrastructure” as a driving force behind the directive, which is similar to those it previously introduced for railroad carriers and pipelines starting shortly after the Colonial Pipeline ransomware attack in 2021.
Collectively, these regulations, along with the Biden-Harris administration’s very recently announced National Cybersecurity Strategy, reinforce the U.S. government’s recognition that free market forces are not sufficiently reducing the risk to national security and public safety from cyber attacks. Having long been honored to partner with the public sector while helping customers spanning all critical infrastructure sectors to mitigate such risks, Claroty applauds these key steps forward.
All TSA-regulated airports and aircraft operators are now required to create an implementation plan detailing specific measures they are or will be taking to strengthen cybersecurity resilience and prevent operational disruption and infrastructure degradation. They are also required to proactively assess the efficacy of these measures, which must — at a minimum — include:
Developing network segmentation policies and controls to ensure operational technology (OT) systems can continue to operate safely in the event that an information technology (IT) system has been compromised, and vice versa;
Creating access control measures to secure and prevent unauthorized access to critical cyber systems;
Implementing continuous monitoring and detection policies and procedures to defend against, detect, and respond to cybersecurity threats and anomalies that affect critical cyber system operations; and
Reducing the risk of exploitation of unpatched systems through the application of security patches and updates for operating systems, applications, drivers, and firmware on critical cyber systems in a timely manner using a risk-based methodology.
Notably, each of these measures focuses not only on IT but also on OT and/or “critical cyber” systems, reflecting the complex attack surface fueled by the rapid and ongoing growth of the Extended Internet of Things (XIoT). Encompassing all manner of the increasingly intertwined cyber-physical systems (CPS) that sustain operations for organizations across all sectors, the XIoT has serious cybersecurity implications that unfortunately do not spare the aviation sector.
Specifically, in order to fulfill TSA’s new requirements, airports and airlines must ensure the above measures are applied to all directly and indirectly connected assets. These range from the standard IT assets that control ticketing, navigation, and physical security information, to the OT and building management system (BMS) equipment that supports everything from baggage handling to aircraft maintenance, to the IoT and IIoT devices that power climate control, passenger tracking, and even aircraft safety processes, among countless others.
Our industrial cybersecurity portfolio is purpose-built for all XIoT assets, use cases, and regulatory needs of all critical infrastructure owners and operators across their full cybersecurity maturity journey — and this includes all TSA-regulated airports and airlines. Here’s how:
By providing the XIoT asset inventory that is foundational to TSA’s requirements: Gaining complete visibility into all connected assets that underpin an organization’s critical operations is a non-negotiable prerequisite for all subsequent use cases — and, in this case, regulatory requirements — spanning the full industrial cybersecurity journey. Recognizing this, Claroty has long invested in our ability to automatically discover and enrich all of our customers’ XIoT assets in a manner that is flexible and customizable to each customer’s unique needs and preferences.
This means supporting an industry-leading 450+ protocols to virtually guarantee that our products are compatible with even the most obscure OT, IoT, and other XIoT assets. It also means acknowledging that just as no two airports or airlines are identical, neither are their industrial environments — and, thus, neither are the paths they’ll need to take to gain visibility into those environments. Claroty offers five collection methods that our aviation (and all) customers can combine to create the comprehensive, single-source-of-truth XIoT asset inventory they need as the foundation to protect their most critical operations while adhering to TSA’s and other cybersecurity requirements.
By offering highly controlled yet frictionless access to critical systems: Remote access is essential to operational continuity across sectors — but unlike their IT counterparts, the OT, industrial, and other mission-critical environments on which the aviation sector relies are not suitable for being remotely accessed via standard solutions. Claroty Secure Remote Access (SRA) was purpose-built for the unique security and operational requirements of these environments, equipping airlines and airports to easily comply with TSA’s new cybersecurity requirements for access control with respect to both onsite and remote, as well as both internal and third-party, users.
By creating & enabling enforcement of network segmentation policies: The unmatched visibility Claroty provides into XIoT assets and their communications enables us to recommend fine-grained network segmentation policies that our aviation customers can automatically enforce via their existing firewalls and network access control (NAC) solutions. As a result, TSA-regulated entities can easily fulfill this requirement without the added risks and burdens of the manual, error-prone processes typically inherent to network segmentation projects.
By continuously monitoring for cyber threats: The combination of the proprietary protocols used by most XIoT assets throughout the aviation sector, as well as the escalation of cyber threats against the sector’s infrastructure, has created a complex attack surface on which detecting and responding to such threats is exceedingly tricky. Claroty’s deep visibility and domain expertise enable us to continuously monitor even the most obscure operational environments in the aviation sector for the earliest indicators of (and deliver a clear advantage against) all known and unknown threats.
We also automatically weed out false positives and consolidate interrelated events into one alert to optimize prioritization and response efforts, reduce alert fatigue, and ultimately empower our aviation customers to not only fulfill TSA’s latest cybersecurity requirements but also to gain more time to focus on the true threats that matter most.
By optimizing vulnerability & risk management for all XIoT assets: Just as TSA’s new cybersecurity requirements for airports and airlines might suggest, legacy systems and unpatched vulnerabilities are the status quo among XIoT assets in the aviation sector’s most critical environments. This has only amplified the sector’s exposure to cybersecurity risks in recent years — and they are exceedingly difficult to address via standard solutions. Claroty has long recognized the complex, consequential nature of these conditions, which is why our portfolio harnesses our XIoT visibility and domain expertise to automatically correlate all XIoT assets in our customers’ environments against the latest insecure protocols, common vulnerabilities and exposures (CVEs), and other security weaknesses.
We also offer fully customizable risk scoring to help customers more easily understand the risk each vulnerability poses to their unique environment and how to prioritize their remediation efforts. These capabilities enable airlines and airports to comply with TSA’s new cybersecurity requirements — and, more importantly, to drive cyber resilience across their critical operations and infrastructure.
Recognizing the critical importance of protecting the availability, integrity, and safety of our transportation systems and all other critical infrastructure, Claroty is proud to be able to offer the aviation sector a comprehensive portfolio that not only satisfies all of TSA's new cybersecurity requirements — but that also supports all use cases across the entire industrial cybersecurity journey.
If you’d like to receive a consultation from one of our experts on how Claroty's xDome, Secure Remote Access (SRA), and Continuous Threat Detection (CTD) solutions are helping airports and aircraft operators fulfill TSA’s new cybersecurity requirements or otherwise optimize their industrial cybersecurity journeys.