Security Policy Alert: TSA Special Emphasis Assessment on Cybersecurity

June 12, 2020

TSA has informed AAAE about a Special Emphasis Assessment that will begin next week regarding the implementation of cybersecurity best practices at domestic airports.  The assessment will take place nationwide at all commercial service airports and, due to COVID-19, will be conducted through phone interviews.

Specifically, TSA will assess progress toward adoption of cybersecurity best practices outlined in Information Circular 17-03B, Cybersecurity at Airports.  IC 17-03B, issued on January 15, 2020, provides DHS recommendations for improving cybersecurity practices and configurations at U.S. airports.

AAAE encouraged TSA to provide assessment questions in advance and to allow adequate time for airports to respond given that responses will likely need to be coordinated internally with IT departments and often externally as well with municipal IT administrators.

On a related note, Politico reported today that the FBI has issued a Private Industry Notification warning that unattributed cyber actors have registered numerous domains spoofing legitimate US-based airport websites, indicating the potential for future operational activity.  Spoofed domains are increasingly used by cyber criminal and state-sponsored groups to propagate the spread of malware, which can lead to further compromise and financial losses. As a result, the FBI warns that "this activity poses an increased risk not only to US airports but also to the greater US Aviation Sector and its myriad stakeholders."  Please click here to view the FBI Private Industry Notification.
 
As always, please do not hesitate to contact us if you have any questions or need any additional information.