Skip to main content

Empowering Aviation Organizations with Armis Solutions

Aviation Cybersecurity Requirements Solved

Step by step, the cybersecurity resilience of U.S. critical infrastructure is being strengthened, but there is still work to be done. One of the many efforts to build up a safe and secure digital ecosystem was issuing cybersecurity requirements for airports and aircraft operations per TSA in March 2023 with specific measures.

NEWCOM, a trusted partner, stands with Armis to empower aviation organizations. Together, we are uniquely positioned to help aviation organizations uphold TSA requirements and ensure robust security. Our approach focuses on leveraging the power of the Armis platform to address the unique challenges of the aviation sector.

Download Solution Brief

TSA Requirements

Annually submit an updated Cybersecurity Assessment Plan to TSA for review and approval.

Annually report the results from previous year assessments, with a schedule for assessing and auditing specific cybersecurity measures for effectiveness. TSA requires 100% of an owner/operator’s security measures be assessed every three years.

Test at least two Cybersecurity Incident Response Plan (CIRP) objectives and include individuals serving in positions identified in the CIRP in their required annual exercises.

Report significant cybersecurity incidents to CISA, identify a cybersecurity point of contact, and conduct a cybersecurity vulnerability assessment.

Critical Aspects for Cybersecurity in Aviation

1. Network Segmentation: Safeguarding OT and IT Systems

Network segmentation is a critical component of the TSA requirements. By segregating operational technology (OT) and information technology (IT) systems, airports and airlines can ensure that a compromise in one system does not affect the other. This separation reduces the risk of threat propagation and helps maintain system integrity in the face of attacks.

2. Access Control: Protecting Critical Cyber-Systems

Effective access control measures are essential for securing critical cyber systems. Establishing role-based access and integrating it with existing security infrastructure can help prevent unauthorized access to critical systems and minimize the security risk of unauthorized access to physical and logical systems.

3. Continuous Monitoring and Detection: Staying Ahead of Cybersecurity Threats

Continuous monitoring and detection of threats and anomalies are crucial for maintaining a proactive security posture. Advanced behavioral analytics and machine learning can help identify potential threats before they cause significant damage, enabling organizations to stay ahead of evolving cybersecurity risks.

4. Patch Management: Mitigating Risks from Unpatched Systems

Timely application of security patches and updates is essential for reducing the risk of exploitation of unpatched systems. Implementing a risk-based methodology for patch management can help aviation organizations prioritize remediation efforts and ensure that critical systems remain up-to-date and secure.

Why contact NEWCOM?

NEWCOM is a valued, trusted partner of ARMIS software, unified asset visibility, and security platform that is designed to address the new threat landscape that connected devices create. NEWCOM is trained and certified to answer ARMIS questions and provide solutions tailored to your IT and OT technology needs. Based in the metropolitan Boston area with operations nationwide, our expert team of engineers and trained sales professionals offer turnkey solutions for commercial and public sector markets. We analyze, design, recommend, install, and help manage your systems by raising the bar for the highest standards for customer support. To learn more, visit newcomglobal.com.

About Armis

Armis is the leading unified asset visibility and security platform designed to address the new threat landscape that connected devices create. Fortune 1000 companies trust our real-time and continuous protection to see with full context all managed, unmanaged, and IoT devices, including medical devices (IoMT), operational technology (OT), and industrial control systems (ICS). Armis provides passive and unparalleled cybersecurity asset management, risk management, and automated enforcement. Armis is a privately held company headquartered in Palo Alto, California. Armis®️

Resources:
https://www.armis.com/blog/strengthening-aviation-cybersecurity-with-armis-navigating-the-new-tsa-requirements/
https://www.tsa.gov/news/press/releases/2023/03/07/tsa-issues-new-cybersecurity-requirements-airport-and-aircraft