The federal Transportation Security Administration, which is part of the Department of Homeland Security, issued new cybersecurity requirements for airport and airline operators on Tuesday.
“TSA is taking this emergency action because of persistent cybersecurity threats to U.S. critical infrastructure, including the aviation sector,” TSA Administrator David Pekoske said in a statement.
The TSA said this follows similar measures it announced in October 2022 for passenger and freight rail companies.
The agency said an emergency amendment requires TSA-regulated entities to develop a plan that outlines the steps they are taking to improve their cybersecurity resilience and prevent disruptions to their infrastructure.
They must also develop policies and controls for network segmentation to ensure that operational technical systems can continue to function securely if an information technology system has been compromised; create access control measures to prevent unauthorized access; implement continuous monitoring and detection policies and procedures; and reduce the risk of unpatched systems being exploited.
The TSA said in October that it planned to issue new cybersecurity requirements for some key aviation systems after several US airport websites were hit by apparently coordinated overload attacks.