Per the TSA announcement on March 7th: “Protecting our nation’s transportation system is our highest priority and TSA will continue to work closely with industry stakeholders across all transportation modes to reduce cybersecurity risks and improve cyber resilience to support safe, secure and efficient travel,” said TSA Administrator David Pekoske. “This amendment to the aviation security programs extends similar performance-based requirements that currently apply to other transportation system critical infrastructure.”
The new amendment includes 4 sections: network segmentation, access control measures, continuous monitoring and detection of threats, and patch management. On patch management specifically, it says:
“Reduce the risk of exploitation of unpatched systems through the application of security patches and updates for operating systems, applications, drivers and firmware on critical cyber systems in a timely manner using a risk-based methodology.”
Past Security Breaches
No one likes missing their flight due to system disruption or, even worse, risking their lives due to cybercrime. The notable breaches below underscore the need for stringent cybersecurity measures and regular system monitoring in the aviation industry to protect sensitive data and ensure smooth operations:
- American Airlines and Sabre Corp (2015): In August 2015, American Airlines and the global reservations system Sabre Corp announced that their systems had been breached. Although no flight operations were disrupted, the attackers gained access to sensitive customer data, including names, addresses, and credit card information.
- United Airlines (2015): In July 2015, United Airlines revealed that its systems had been compromised, leading to the theft of customer information, including email addresses and mailing addresses. The attackers reportedly gained access to United’s system via a third-party vendor. This incident prompted United Airlines to invest in improved cybersecurity measures.
- Delta Air Lines (2018): In April 2018, Delta Air Lines confirmed a data breach involving the unauthorized access of customer payment information. The airline’s online chat service provider, [24]7.ai, suffered a cyber attack that exposed customer data, including names, addresses, credit card numbers, CVV numbers, and expiration dates. Delta responded by offering free credit monitoring services to affected customers and implementing additional security measures.
- Atlanta Hartsfield-Jackson International Airport (2018): In September 2018, the world’s busiest airport, Atlanta Hartsfield-Jackson International Airport, suffered a cyberattack that affected its internal network and Wi-Fi system. Although flight operations were not disrupted, the breach exposed potential vulnerabilities in the airport’s network infrastructure.
- London Heathrow Airport (2017): In October 2017, a USB stick containing sensitive security information about London’s Heathrow Airport was found on a London street. The USB drive contained details about the airport’s security measures, as well as information about the Queen’s travel plans. The incident raised questions about the security of sensitive information at major airports.
Action1 provides a risk-based patch management solution for distributed work-from-anywhere organizations. Action1 helps to discover, prioritize, and remediate vulnerabilities in a single solution to prevent security breaches and ransomware attacks. It automates patching of third-party applications, operating systems, drivers, and firmware, ensuring continuous patch compliance and remediation of security vulnerabilities before they are exploited.