Inside Cybersecurity

January 27, 2023

Daily News

Airlines group seeks risk-based approach in TSA cyber guidance for aviation; security leader discusses airport hack

By Charlie Mitchell / October 25, 2022

A trade group representing airlines is urging the Transportation Security Administration to move forward with risk-based approaches in an upcoming directive to the aviation sector on cybersecurity, while a leading voice on security issues warns that recent low-level cyber attacks on airports could presage something more dangerous.

“Safety and security are always the top priority of U.S. airlines. Our industry has long prioritized cybersecurity, and we support efforts to make air travel even more secure from potential cybersecurity concerns,” Airlines for America said in comments to Inside Cybersecurity.

“The best cybersecurity outcomes are the result of meaningful collaboration and communication between government and the private sector and focus on risk-based performance measures,” the group said.

The Transportation Security Administration will come out soon with an updated directive for the aviation sector building on efforts started last year, according to National Security Council cyber leader Anne Neuberger.

The airline industry “has been in communication with TSA throughout this process,” according to an industry source.

Recent cyber attacks targeting the websites of a few U.S. airports stoked concerns about aviation cybersecurity, though security officials quickly contained the actions attributed to pro-Russian hackers.

Annie Fixler, deputy director of the Foundation for Defense of Democracy’s Center on Cyber and Technology Innovation, commented, “Russia remains a potent cyber threat but not all Russian hackers are the same. This particular incident was a rather simplistic attack that disabled the public facing websites of a couple major airports.”

She noted, “When the public first hears ‘Russia,’ ‘cyberattack,’ and ‘airport’ in the same sentence, they will no doubt be very concerned. But this incident had no effect on the operations of those airports or air travel, according to numerous U.S. government officials. That is an important point to reiterate to reassure the public.”

The group responsible for the attack has “conducted similar attacks on local government websites in the United States. Likely the group is targeting ‘low hanging fruit’ from a cybersecurity and websites with high visibility whose disruption might cause public concern. The lesson for the airports websites that were affected is to strengthen security to make yourself a harder target so that hackers pick someone else. And the lesson for the public -- and for those responsible for providing information to the public -- is to be discerning about hacker claims,” Fixler said.

“The U.S. public and critical infrastructure owners and operators in particular must remain vigilant against cyber threats,” Fixler said. “This incident had no disruptive affect, but as Russia continues to lose ground on the battlefield in Ukraine, the Kremlin may decide to launch much more sophisticated and disruptive or destructive cyberattacks. Even if Moscow intends those attacks to remain within Ukraine, as the world witnessed with the NotPetya attacks in 2017, containing the spread of a piece of malware can be challenging, and there can be many unintended and very damaging effects.”

She warned, “The U.S. government, private industry, and public must remain prepared to defend against those attacks and provide aid to partners and allies who might also fall victims to Russia’s malicious cyber activity.” – Charlie Mitchell (cmitchell@iwpnews.com)