The Transportation Security Administration (TSA) recently issued emergency cybersecurity orders for airports and aircraft operators in reaction to “persistent cybersecurity threats against U.S. critical infrastructure, including the aviation sector.”
The TSA went on to say that many IoT devices deployed at airports today, like security cameras, “are not sufficiently protected against cybersecurity threats.”
This is partly in response to the increase in successful ransomware and DDoS attacks against airports. Needless to say, airports are national security assets, and any security lapse is a serious, Department of Homeland Security-level matter that requires immediate action.
The problem is compliance is a challenging endeavor for airport physical security departments.
First, there is a general knowledge gap, as physical security is usually trained in safety rather than IT. Second, implementing plans, policies and systems to achieve and maintain compliance is expensive and projects can take a long time to roll out.
Third, implementing such changes and systems within the elaborate ecosystem of an airport can be daunting. Lastly, physical security teams are currently stretched, especially given headcount reductions due to the economic headwinds.
Complex airport technology
Airports run on a complex web of many subsystems and devices, each with its own firmware, software, maintenance needs and end-of-life timelines. The sabotage or infiltration of a single physical security device could effectively paralyze an airport, or worse – jeopardize the safety of everyone there.
One might expect critical infrastructure to have a more resilient approach. But the problem is many airports manage physical security devices manually, which is a nearly impossible task when managing large fleets.
The answer to this problem is automation and visibility. If you can’t see an endpoint device, then only hackers can see it. But if you have visibility and status on each camera and access control, you can keep them operational, safe and in compliance — and automation can help manage the tasks.
The springboard to compliance
Given the scale of their device fleets, airport physical security groups must turn to technology for foundational capabilities and daily operations. As mentioned, that means visibility first, then automation — and integration with existing systems.
Fundamentally, visibility allows physical security to discover, track, and communicate with all their devices, and to see which firmware and versions each is running. From there, automation does the heavy lifting at airport scope and scale to help fulfill TSA compliance.
- Ongoing updates. A vital aspect of cybersecurity, updates and patches are explicitly required under the TSA’s emergency mandate, which specifies “operating systems, applications, drivers and firmware.” To prevent devices from becoming susceptible to common attacks, passwords also need periodic replacement.
- Diagnostics and cyber resiliency. Knowing what’s gone wrong is supremely important to keeping devices online. So is the ability to “bounce back” without physically sending a technician to the unit. That cost savings goes straight to the bottom line – and just as critical, downtime is greatly reduced.
- Maintenance and asset management. A natural element in a TSA compliance plan,
tracking devices through their life cycle helps you plan preventive maintenance and budget correctly for replacements.
Technology also requires integration, and for physical security it’s multifaceted. There’s the need to work with a wide range of physical security devices in many makes, models, and versions. Then there’s interaction with other systems. For example: Upon detecting and diagnosing an anomaly, a system should issue an alert, and go further to set up a trouble ticket in a maintenance tracking system.
The TSA is requiring other specific steps, such as segmenting networks so that if airport IT systems are compromised, “Operational technology (OT) systems can continue to safely operate, and vice versa.” These are not one-time changes: IT and OT owners such as physical security will have to proactively assess the effectiveness of their cybersecurity measures.
We anticipate that key partners – usually system integrators (SIs) – will play an influential role in helping airports select and deploy platforms and tools to arrive at TSA compliance.
Compliance: the process and payoff
The journey to cybersecurity compliance strengthens physical security groups – including those in aviation facilities who are working to meet TSA requirements. What are some of the useful byproducts of equipping the department for compliance?
- Speed matters. Once systems to achieve compliance are deployed, the physical
security team will complete routine but large-scale tasks much more quickly – and correctly.
- Major early wins. The timely, periodic updating of passwords for every
physical security device and system user will strengthen security for any aviation facility.
- Faster response to anomalies. The capability for rapid detection and diagnosis
of issues in device performance is required by the TSA. Alerts will go to the right people, guiding them to the root cause of outages for faster fixes.
- Shorter MTTR. In airports: the time saved to get devices running again safely is of utmost importance. Minutes can matter when it comes to Mean-Time-to-Repair.
- Alignment with IT standards. Bringing visibility, cybersecurity and maintenance up to IT’s practices can improve collaboration and coordination with colleagues in IT.
It goes without saying that the aviation industry faces our most sophisticated nation-state adversaries, as well as run-of-the-mill ransomware criminals. The urgency of improving cybersecurity across all airport systems and devices has never been clearer.
By signaling this urgency, the TSA is putting short-term stress on physical security teams. But the end result will be more effective, cost-efficient and unbreakable security supporting air travel and air cargo.
Roy Dagan is CEO and co-founder of SecuriThings. He started the company after many years of building cyber security, risk management and intelligence systems. Prior to SecuriThings, Roy held multiple roles leading product management teams in a range of companies including RSA, The Security Division of EMC and NICE Systems.
