TSA Mandates Network Segmentation for Aviation Industry

The Transportation Security Administration (TSA) has issued emergency cybersecurity mandates for the aviation sector in response to persistent cybersecurity threats against U.S. infrastructure, citing “persistent cybersecurity threats against U.S. infrastructure, including the aviation sector.” The TSA cybersecurity amendments require regulated entities in the aviation sector to develop plans to harden resilience to their digital networks and infrastructure. One of the mandated actions is to segment network activity to ensure IT and operational technology (OT) systems can continue operating if one or the other is compromised. Additionally, access controls must be put in place around sensitive systems, continuous monitoring and detection for cybersecurity threats must be implemented, and vulnerable systems must be patched promptly. The effectiveness of any protections put in place must also be tested.

These amendments highlight the importance of protecting critical infrastructure from cyber threats. According to a report by the Atlantic Council in 2019, airport assets have become “increasingly connected and digitized, with many of these services also having remote or wireless connections,” enabling easy exploitation by malicious hackers. This increasing interconnectivity and reliance on digital infrastructure in airports have made them more convenient and exposed to cyber threats. These mandated actions by the TSA for the aviation sector are similar to those put in place for the passenger and freight railroad sector in 2021. These cybersecurity measures are necessary to secure critical infrastructure and support safe, secure, and efficient travel.

What does the TSA cybersecurity amendment mean for aviation network security?

The Transportation Security Administration (TSA) has issued new cybersecurity requirements for specific TSA-regulated airport and aircraft operators. The TSA cybersecurity directive amendment aims to enhance cybersecurity resilience against persistent cybersecurity threats in the aviation sector by introducing performance-based measures that TSA-regulated entities must implement. The new requirements include network segmentation policies and controls, access control measures, continuous monitoring and detection policies and procedures, and timely application of security patches and updates for operating systems, applications, drivers, and firmware on critical cyber systems. The TSA’s emergency amendment comes after the October 2022 announcement for passenger and freight railroad carriers and extensive collaboration with aviation partners. The TSA aims to reduce cybersecurity risks and improve cyber resilience to support safe, secure, and efficient travel in the U.S.

This is not the first time that the TSA has implemented such requirements, and previous requirements for TSA-regulated airport and aircraft operators included measures such as reporting significant cybersecurity incidents to the Cybersecurity and Infrastructure Security Agency (CISA), establishing a cybersecurity point of contact, developing and adopting a cybersecurity incident response plan, and completing a cybersecurity vulnerability assessment. The new amendment extends similar performance-based requirements currently applicable to other critical transportation system infrastructures. The TSA’s efforts align with the Biden-Harris Administration’s National Cybersecurity Strategy announced on March 2, 2023, which aims to secure the full benefits of a safe and secure digital ecosystem for all Americans.

Organizations must prioritize network security by implementing the necessary cybersecurity measures as the aviation sector becomes increasingly connected and digitized. TSA’s emergency amendment highlights the importance of cybersecurity resilience in the aviation sector, and TSA-regulated entities must take action to develop an approved implementation plan that describes measures they are taking to improve their cybersecurity resilience and prevent disruption and degradation to their infrastructure. Organizations must take proactive steps to assess the effectiveness of these measures and continuously monitor their cybersecurity systems to detect and respond to potential cybersecurity threats. If your organization is a TSA-regulated airport or aircraft operator, it is essential to take the necessary steps to comply with the new cybersecurity requirements and ensure the security of your network.

What is the difference between IT and OT networks?

The primary difference between IT and OT networks is the nature of the data they handle. IT networks manage data and information, while OT networks manage physical processes and control systems. IT networks are responsible for storing, processing, and transmitting digital data and information within an organization. These networks typically manage applications, databases, email systems, and other digital communication tools.

On the other hand, OT networks are responsible for managing physical processes and control systems such as manufacturing processes, power grids, and other critical infrastructure. These networks control and monitor machines, sensors, and other devices interacting with the physical world. OT networks can include supervisory control and data acquisition (SCADA) systems, industrial control systems (ICS), and other operational technologies. One example of OT in aviation would be the control systems that manage the airport’s power grid or the computer systems that manage air traffic control. These systems are responsible for managing physical processes rather than just data and are critical to the safe and efficient operation of the aviation industry.

One of the key differences between IT and OT networks is the security requirements and protocols they follow. IT networks prioritize data confidentiality, integrity, and availability, while OT networks prioritize safety, reliability, and availability. Due to the critical nature of OT systems, cybersecurity attacks on these networks can have severe consequences, including physical harm, environmental damage, and economic loss.

To protect both IT and OT networks, it is essential to have a comprehensive cybersecurity strategy that considers each network’s unique requirements and protocols. This includes implementing network segmentation techniques to prevent attackers from moving laterally across networks and gaining access to critical systems. By segmenting networks, organizations can limit the impact of a cyberattack and ensure that critical systems continue to operate even if other systems are compromised.

Why is network segmentation important?

Network segmentation is the process of dividing a network into smaller segments, each with its security protocols and access controls. This technique helps to reduce the attack surface and prevent attackers from moving laterally across networks. Network segmentation is especially crucial for organizations with IT and OT networks because they have different security requirements and protocols.

By segmenting IT and OT networks, organizations can limit the impact of a cyberattack. For example, if an attacker gains access to an IT network but cannot move laterally to an OT network, the potential damage to critical infrastructure is reduced. Furthermore, by limiting the number of systems an attacker can access, network segmentation can make it easier to detect and isolate cybersecurity threats.

There are different types of network segmentation techniques that organizations can use to protect their networks. Physical segmentation involves physically separating IT and OT networks using different network cables, switches, or other hardware. This technique can be effective, but it can also be expensive and time-consuming to implement.

Logical segmentation involves creating separate network zones with different security policies and access controls. This technique can create distinct network zones for various organizational departments or applications. Logical segmentation can be used with physical or virtual segmentation to create a multi-layered security strategy.

Virtual segmentation, on the other hand, uses software-defined networks (SDN) to create virtual networks within the same physical network infrastructure. This technique allows organizations to segment their networks without needing physical separation, reducing the cost and complexity of network segmentation.

Network segmentation is a critical aspect of a comprehensive cybersecurity strategy. By segmenting networks, organizations can reduce the attack surface, limit the impact of a cyberattack, and make it easier to detect and isolate cybersecurity threats. Organizations should consider using physical, virtual, and logical segmentation techniques to protect their IT and OT networks.

Three Approaches to Network Segmentation

Network segmentation is an essential component of any effective cybersecurity strategy. Physical, virtual, and logical segmentation are the most widely used among the different network segmentation techniques available. Physical segmentation involves physically separating IT and OT networks, while virtual segmentation uses software-defined networks to create virtual networks within the same physical infrastructure. Logical segmentation creates separate network zones with different security policies and access controls. Looking at each of these types of segmentation in more depth:

1. Physical Segmentation: Physical segmentation separates IT and OT networks using different network cables, switches, or other hardware. This technique effectively prevents attackers from moving laterally across networks since physical separation makes it difficult for attackers to access both networks. Physical segmentation can also reduce the impact of a cyberattack by limiting the number of systems an attacker can access. However, physical segmentation can be expensive and time-consuming to implement.
   
   
2. Logical Segmentation: Logical segmentation involves creating separate network zones with different security policies and access controls. This technique can create separate network zones for different organizational departments or applications. Logical segmentation can be used with physical or virtual segmentation to create a multi-layered security strategy. Logical segmentation can also protect sensitive data by limiting access to authorized personnel only.
   
   
3. Virtual Segmentation: Virtual segmentation uses software-defined networks (SDN) to create virtual networks within the same physical network infrastructure. This technique allows organizations to segment their networks without needing physical separation, reducing the cost and complexity of network segmentation. Virtual segmentation can be configured to ensure that traffic flows between virtual networks are monitored and inspected for security threats. This technique provides greater flexibility since virtual networks can be created, modified, or deleted quickly and easily.
   
   

Each technique has advantages and disadvantages, and the choice of method depends on the organization’s specific needs. By implementing the appropriate segmentation technique(s), organizations can reduce the attack surface and ensure that critical systems continue operating even during a cyberattack. Network segmentation is a crucial aspect of a comprehensive cybersecurity strategy. Physical, virtual, and logical segmentation are all effective techniques that organizations can use to protect their networks from cyber threats. The segmentation technique choice depends on the organization’s specific needs and constraints. It is crucial to implement the appropriate segmentation technique(s) to limit the attack surface and ensure that critical systems continue operating even during a cyberattack.

Protecting Critical Infrastructure Through Network Segmentation is Crucial for Combating Cyber Threats

In light of the recent cybersecurity mandates issued by the TSA for the aviation sector, it is clear that network segmentation is a critical aspect of a comprehensive cybersecurity strategy. IT and OT networks have different security requirements and protocols, so implementing a comprehensive cybersecurity strategy that considers each network’s unique needs is essential. Network segmentation techniques such as physical, virtual, and logical segmentation can help to reduce the attack surface, limit the impact of a cyberattack, and make it easier to detect and isolate cybersecurity threats.

Organizations must take proactive measures to protect their networks from cyber threats. This includes implementing access controls, continuous monitoring and detection for cybersecurity threats, timely patching of vulnerable systems, and testing the effectiveness of any protections. Failure to implement these measures could result in severe consequences, including physical harm, environmental damage, and economic loss.

Organizations must be vigilant and proactive in implementing cybersecurity measures to stay ahead of cyber threats. By adopting a multi-layered approach to cybersecurity that includes network segmentation, organizations can reduce the impact of a cyberattack and ensure that critical systems continue to operate even in the event of a compromise. The TSA’s cybersecurity mandates serve as a wake-up call for all organizations to take cybersecurity seriously and adopt the necessary measures to protect their networks from cyber threats.

Secure Your Network with Identity-Based Microsegmentation: How Elisity Can Help

Elisity is a powerful solution that offers identity-based microsegmentation for an existing access layer switching infrastructure. Our solution is an example of virtual segmentation mentioned earlier in this article and requires zero additional hardware or the installation of sensors in your network. We provide various benefits for organizations of all sizes, including non-disruptive deployment, rapid time to value, north-south and east-west microsegmentation, adaptability and scalability, and visibility. With Elisity, organizations can quickly improve the security of their networks without the need for specialized expertise.

Key Features of Elisity:

• Non-disruptive deployment: Organizations can implement Elisity quickly and easily without worrying about downtime or other negative impacts on their operations.
• Rapid time to value: Organizations can begin seeing the solution’s benefits almost immediately after implementation.
• North-south and east-west microsegmentation: The solution can segment the network in both directions, allowing for more granular access control.
• Adaptable and scalable: Elisity is well-suited for constantly evolving networks and threats.
• Visibility: Provides a clear view of what assets are on the network and the traffic flows that are taking place, allowing organizations to detect and respond to threats more effectively.
• Simple to deploy and manage: Designed for organizations without specialized expertise, Elisity can easily be implemented and managed by IT teams.

Elisity is the best solution for implementing identity-based microsegmentation, providing a powerful way for organizations to secure their networks. If you are responsible for securing your organization’s network, request an expert consultation from one of our microsegmentation experts today to see how Elisity can help you improve your network security.