New cybersecurity requirements from the Transportation Security Administration (TSA) in the United States
On the last March 7th, the Transportation Security Administration (TSA) issued a new emergency amendment requiring regulated airlines and airports to increase their capacity to face cyber attacks. The measure was taken less than a week after the United States government announced its national cyber security strategy, following similar requirements directed at freight and passenger rail carriers.
According to the issued statement, TSA’s priority is to protect the United States transportation system, working collaboratively with stakeholders and offering safe, secure, and efficient travel. This was necessary due to hackers who have attacked the aviation industry using different invasion methods.
In July 2022, American Airlines was a victim of a phishing attack, granting unauthorized access to its IT environment. In addition, various airports in the United States were targeted by DDoS attacks in October of the same year.
For this reason, regulated entities affected by the TSA must promote the following actions:
- Develop network segmentation policies and controls, ensuring that operational technology systems continue to function securely in case of a compromise of IT;
- Create access control measures, protecting critical systems from unauthorized access;
- Implement continuous monitoring and detection policies and procedures to identify and respond to cyber security threats and anomalies; and
- Reduce the risks of exploitation of uncorrected systems by applying security patches and updates on operating systems, applications, drivers, and firmware through a risk-based methodology.
Previously imposed requirements for aircraft operators and airports include establishing a cyber security point of contact, developing and adopting a cyber security incident response plan, conducting a cyber security vulnerability assessment, and reporting significant cyber security incidents to the Cybersecurity and Infrastructure Security Agency (CISA).
In conclusion, the new amendment issued by the TSA is their latest effort to ensure that transportation operators improve their ability to address cyber threats. In this article, we covered its goals and importance.
Are you enjoying this post? Join our Newsletter!
Newsletter Blog EN
According to Cybersecurity Ventures, the world ended 2020 with 300 billion passwords to protect. And the trend shows this number will increase dramatically. Email accounts (personal and professional), banking services, corporate systems, devices, and applications are some examples that require authentication through passwords. And with the increase in the number of data leaks, it is easy to find compromised credentials on forums on the dark web being sold for pennies.
And yes, we know that it is not easy to manage so many passwords. Even the most tech-savvy can struggle to manage and protect credentials in so many different environments. In times of personal data protection legislation, such as LGPD and GDPR, ensuring the protection of such data has become more than a security requirement – it is a business must.
Despite all the risks associated with their use, many users and companies use passwords that are easy to guess, such as numbers or sequential letters (123456 or abcdef). SolarWinds itself, the victim of a serious attack on its supply chain, was using the password solarwinds123 in its infrastructure. Certainly, your email password or mine is stronger than the one used by this American technology company.
So, on this World Password Day, here are some tips that should be considered by users to keep their data protected:
- Use long and complex passwords. This prevents hackers from using techniques to guess them. However, just using complex passwords may not be enough to protect them from hackers.
- Many devices are configured with default passwords. Change them immediately.
- Avoid reusing your passwords on different accounts. Also, constantly check if you have already been the victim of a data leak through senhasegura Hunter. If so, change your passwords immediately.
- Configure your passwords to be changed frequently. The ideal is at least every 3 months.
- Do not write down, store in an easily accessible place, or share your passwords with others, thus avoiding unauthorized access.
- Consider password management solutions, or even privileged access management (PAM), to manage the use of systems and devices.
- Use Multiple-Factor Authentication (MFA) mechanisms to add a layer of security to your accounts.
- Set up means of retrieving access, such as including phone numbers or emails.
Passwords are one of the oldest security mechanisms in the computing world and are also one of the main attackvectors by hackers. And in the “new normal” era, with increasing threats resulting from the covid-19 pandemic, it is vital that users be alert and properly protect their digital identities. In this way, we can avoid cyberattacks that can cause considerable damage not only to people, but also to companies. And on this World Password Day, remember: security starts with you!