Module 4 Discussion - Aviation Security
docx
keyboard_arrow_up
School
Embry-Riddle Aeronautical University *
*We aren’t endorsed by this school
Course
202
Subject
Information Systems
Date
Feb 20, 2024
Type
docx
Pages
2
Uploaded by AmbassadorFogZebra6
During this module, we examined emerging security threats in the aviation industry and the role of the TSA combats those threats. For this activity, you will evaluate one of the emerging security threats in the aviation industry. Review the following resources and consider how the TSA uses layers of security to combat your selected threat:
Inside Look: TSA Layers of Security (3:13/TSA)
Links to an external site.
Layers of Security/TSA
Links to an external site.
In your blog, explain the emerging threat, identify how layers of security can mitigate the
threat, discuss the effectiveness of current mitigation strategies, and provide a recommendation for improvement. The goal is to engage in a collaborative and constructive debate that promotes critical thought and reflection.
Cyber Security in Aviation
As more processes are being turned over to automated and unmanned systems, the threat of cyber-attacks in on the rise. In September 2018, a card skimming group was able to hack into and change the script on the British Airways website and used that to steal the personal and financial information of as many as 500,000 customers over the course of the two months it took for the airline to realize that they were being attacked. The investigation that followed found that extra security measures, such as multi-factor authentication, that would have helped protect against the data breach were not put into
place (Tidy, 2020). Additionally, in October 2022, some of the largest airports in the US, such as LaGuardia in New York and Chicago O'Hare, experienced cyber-attacks targeted by "denial of service" bugs that essentially bog down an airline's website with artificial "customers" overloading the web traffic and not allowing the actual customers to use them (Margolin et al., 2022). Luckily, neither of these attacks or any of the ones like them were targeting air traffic control systems or aircraft systems themselves, but you never know when something like that could happen. In March 2023, TSA issued new cybersecurity requirements for airports that were similar to the requirements issued
for passenger and freight railroad carriers in October 2022. The press release states, "
TSA is taking this emergency action because of persistent cybersecurity threats against U.S. critical infrastructure, including the aviation sector.
The new emergency amendment requires that impacted TSA-regulated entities develop an approved implementation plan that describes measures they are taking to improve their cybersecurity resilience and prevent disruption and degradation to their infrastructure" (Transportation Security Administration, 2023). Some of the requirements include network segmentation policies and controls so that systems can work independently of each other in case one of
them has been compromised as well as a requirement to include continuous monitoring and detection procedures to catch breaches as soon as possible rather than two months later like what happened with the British Airways data breach. I think both of these requirements along with the others outlined in the TSA press release are going to help a lot with mitigating future attacks, but I also think that the companies that are most susceptible to these cyber-attacks need to allow for more room in their budgets for
cybersecurity policies and processes above what TSA is now requiring because in this technologically advanced world that we live in now, it will be an ever-present threat to security. References:
Margolin, J., Sweeney, S., & Owen, Q. (2022).
Cyberattacks reported at US airports
. ABC News. https://abcnews.go.com/Technology/cyberattacks-reported-us-
airports/story?id=91287965
Tidy, J. (2020).
British Airways fined £20M over Data Breach
. BBC News. https://www.bbc.com/news/technology-54568784
Transportation Security Administration. (2023).
TSA issues new cybersecurity requirements for airport and aircraft operators
. TSA issues new cybersecurity requirements for airport and aircraft operators | Transportation Security Administration. https://www.tsa.gov/news/press/releases/2023/03/07/tsa-issues-
new-cybersecurity-requirements-airport-and-aircraft
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
- Access to all documents
- Unlimited textbook solutions
- 24/7 expert homework help