Security Policy Alert: TSA Issues New Cybersecurity Information Circular for Aviation

March 22, 2022

 TSA posted Information Circular (IC) 22-04: Enhancing Aviation Cybersecurity to HSIN on March 22. Based on continued emerging threats, TSA is recommending actions in addition to those previously required through TSA-NA-21-05: Cybersecurity Incident Reporting and recommended through IC 17-03C and last month's IC 22-01. While these recommendations are guidance and do not impose requirements on any person or company, TSA strongly suggests adoption of the recommended measures.   

In March 2022, the Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) issued two joint advisories that focused on the increased cybersecurity threat by Russian state-sponsored Advanced Persistent Threat (APT) actors who have demonstrated capability to maintain persistent, long-term access in compromised enterprise and cloud environments. These advisories included specific possible threats to U.S. and international satellite communication (SATCOM) and Very Small Aperture Terminals (VSAT) networks, as well as multifactor authentication (MFA). The recommended measures within the IC (which is not SSI) directs airport operators to review and, as appropriate, implement recommended actions in the Joint Cybersecurity Advisories.

In addition, earlier this week, President Biden issued a statement encouraging private companies in the United States to strengthen their cyber security posture in response to potential breaches by Russia. Biden emphasized the evolving intelligence that the Russian Government is 'exploring options for potential cyberattacks' targeting critical infrastructure. The statement urges U.S. companies to 'harden [their] cyber defenses immediately' and provides a fact sheet, titled ' Fact Sheet: Act Now to Protect Against Potential Cyberattacks ,' with more detailed guidance.