
Cybersecurity · Credibility 90/100 · 2 min read

TSA Expands Aviation Cybersecurity Directives — May 9, 2024

TSA ordered airport and aircraft operators to harden incident reporting, network segmentation, and access controls under new emergency amendments.

Executive briefing: The Transportation Security Administration (TSA) issued new cybersecurity requirements for airports and aircraft operators, expanding emergency amendments first introduced after the Colonial Pipeline incident. The directive compels carriers and hub airports to accelerate detection, response, and resilience measures across operational technology (OT) and corporate environments.

What changed

  • 24-hour incident reporting. Operators must notify TSA and CISA of cyber incidents within one day of discovery, aligning with recent federal critical infrastructure reporting mandates.
  • Network segmentation and access management. The amendment tightens requirements to isolate OT from business networks, enforce MFA on privileged accounts, and document authorized remote access pathways.
  • Continuous testing. Covered entities must perform recurring cybersecurity assessments and provide TSA with plans to remediate identified gaps.

Why it matters

  • Aviation sector accountability. The order expands the set of commercial carriers and airports subject to TSA cyber oversight, reinforcing aviation’s role as one of the first transportation verticals with prescriptive controls.
  • Alignment with national strategy. Requirements mirror CISA’s Cross-Sector Cybersecurity Performance Goals and proposed CIRCIA rules, signaling the expectations other critical infrastructure sectors should anticipate.
  • Audit readiness. TSA can now request documentation and conduct on-site inspections, requiring operators to maintain evidence of segmentation tests, MFA enforcement, and incident drills.

Action items

  • Update incident response runbooks to ensure immediate notification workflows to TSA and CISA and rehearse 24-hour reporting drills.
  • Validate network diagrams, firewall rules, and jump host policies separating OT systems such as SCADA, baggage handling, and fueling operations from corporate networks.
  • Document annual penetration testing, tabletop exercises, and remediation plans for submission during TSA compliance reviews.