Citing "persistent cybersecurity threats," the US government's Transportation Security Administration (TSA) has issued a cybersecurity amendment to "certain TSA-regulated airport and aircraft operators".
The move followed similar measures aimed at passenger and freight railroad carriers issued in 2022 and was labelled by the TSA as "part of the Department of Homeland Security’s efforts to increase the cybersecurity resilience of US critical infrastructure".
“Protecting our nation’s transportation system is our highest priority and TSA will continue to work closely with industry stakeholders across all transportation modes to reduce cybersecurity risks and improve cyber resilience to support safe, secure and efficient travel,” said TSA administrator David Pekoske.
“This amendment to the aviation security programs extends similar performance-based requirements that currently apply to other transportation system critical infrastructure," he added.
The industry will be required to "develop an approved implementation plan that describes measures they are taking to improve their cybersecurity resilience and prevent disruption and degradation to their infrastructure", the TSA said, adding that systems should be designed to continue to operate after being compromised.