New TSA Rule Amendment Aims for Enhanced Cyber Resilience at Airports

The Transportation Security Administration has announced an emergency amendment to airport and aircraft operator security programs to address persistent threats to U.S. critical infrastructure. Entities regulated by TSA are tasked with devising an implementation plan outlining measures to improve cyber resilience and prevent system disruption and degradation.

Such measures include the enactment of network segmentation policies, access controls to prevent intrusions, continuous monitoring procedures and regular rollouts of security patches to operating systems, software, drivers and firmware. Organizations are required to evaluate whether such practices are effective.

Administrator David Pekoske said that the rule change applies performance-based criteria similar to those already in effect for other transportation systems, TSA said.

The agency recently updated cybersecurity rules for rail and pipeline operators in light of feedback from industry members. Pekoske, who was confirmed for a second term in September 2022, said that changes were made to allow for more flexibility in security implementation practices.

Providers of rail and pipeline transport services were invited by TSA to provide input on plans to require third-party checks on their compliance with cyber regulations.