From Runways to Railways: The TSA’s Move Into Cybersecurity

by Leelin Thye

How the TSA’s evolving mandates shape cybersecurity strategies for critical infrastructure.

Cybersecurity touches nearly every aspect of personal and commercial life today — and rightly so, as the risk of business loss and personal identity theft continues to skyrocket. The TSA has embraced this urgency with its 2022 and 2023 cybersecurity mandates, which build upon one another. Here’s what they cover.

2022 TSA Mandates

In 2022, the TSA required passenger and freight railroad carriers to:

  • Establish and execute a TSA-approved Cybersecurity Implementation Plan to demonstrate how the organization plans to comply with TSA directives. (Remember: those who fail to plan, plan to fail.)
  • Establish a Cybersecurity Assessment Program to ensure regular evaluations of security measures.
  • Report cybersecurity incidents to CISA, establish a cybersecurity point of contact, develop and adopt a cybersecurity incident response plan, and complete a cybersecurity vulnerability assessment.

This was an excellent high-level start, but the mandates didn’t address specific controls like network segmentation, monitoring, or patching. That changed with the 2023 amendment.

2023 TSA Amendments

In 2023, the TSA augmented its earlier mandates with additional requirements designed to enhance resilience and prevent infrastructure disruption:

  • Develop network segmentation policies and controls
  • Create access control measures
  • Implement continuous monitoring and detection policies and procedures
  • Reduce the risk of exploitation of unpatched systems

Delving Further into System-Related Requirements

Develop network segmentation policies and controls. Don’t put all your IT eggs in one basket. Segregating network resources — through techniques such as micro-segmentation — helps ensure that even if one segment is compromised, the rest remains protected.

Create access control measures. Adopting a least-privilege posture limits what any authorized account can reach, reducing the likelihood that legitimate access becomes the path to compromise. A Zero Trust approach, where every access request is validated and no user or device is inherently trusted, is the right mindset. This can be achieved through well-configured remote access systems and role-based access control (RBAC), whether centralized or decentralized.
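To make that posture concrete, here is an added example (not from the article and not a SonicWall product API or configuration format) of a default-deny, role-based access evaluator. Each grant names a role, a resource and the actions permitted, and also carries the contextual conditions a Zero Trust check re-validates on every request: device compliance, time window and network location. Every role, resource, subject and request value below is constructed for illustration.

```python
# Added example: a default-deny, role-based access evaluator with Zero Trust
# style context checks. Roles, resources and requests below are constructed
# for illustration and are not a SonicWall API or configuration format.
from dataclasses import dataclass
from datetime import time


@dataclass(frozen=True)
class Rule:
    """One grant: `role` may perform `actions` on `resource`, but only when the
    request context satisfies the constraints below (least privilege plus
    continuous validation of device, time and location)."""
    role: str
    resource: str
    actions: frozenset
    require_compliant_device: bool = True
    allowed_hours: tuple = (time(0, 0), time(23, 59))          # inclusive
    allowed_locations: frozenset = frozenset({"corp-lan", "vpn"})


@dataclass(frozen=True)
class Request:
    subject: str
    roles: frozenset
    resource: str
    action: str
    device_compliant: bool
    location: str
    at: time


# Constructed policy for a rail operator. Anything not granted here is denied.
POLICY = (
    Rule("train-control-engineer", "scada/hmi", frozenset({"read", "write"}),
         allowed_hours=(time(6, 0), time(20, 0)),
         allowed_locations=frozenset({"corp-lan"})),
    Rule("train-control-engineer", "scada/historian", frozenset({"read"})),
    Rule("vendor-maintenance", "scada/historian", frozenset({"read"}),
         allowed_locations=frozenset({"vpn"})),
    Rule("it-helpdesk", "enterprise/ticketing", frozenset({"read", "write"}),
         require_compliant_device=False),
)


def context_failure(rule, req):
    """Return None if the request context satisfies the rule, else a reason."""
    if rule.require_compliant_device and not req.device_compliant:
        return "device not compliant"
    start, end = rule.allowed_hours
    if not start <= req.at <= end:
        return "outside allowed hours"
    if req.location not in rule.allowed_locations:
        return "location %r not permitted" % req.location
    return None


def evaluate(req, policy=POLICY):
    """Return (allowed, reason). A request is allowed only if some rule matches
    its role, resource and action AND its context passes every check; when
    nothing grants access, the first context failure seen is the reason."""
    failures = []
    for rule in policy:
        if (rule.role not in req.roles or rule.resource != req.resource
                or req.action not in rule.actions):
            continue
        failure = context_failure(rule, req)
        if failure is None:
            return True, "granted by rule %s -> %s" % (rule.role, rule.resource)
        failures.append(failure)
    return False, failures[0] if failures else "no matching rule (default deny)"


def check(subject, role, resource, action, device_compliant, location,
          hour, minute=0, policy=POLICY):
    """Convenience wrapper: build a single-role Request and evaluate it."""
    req = Request(subject, frozenset({role}), resource, action,
                  device_compliant, location, time(hour, minute))
    return evaluate(req, policy)


if __name__ == "__main__":
    print(check("alice", "train-control-engineer", "scada/hmi", "write",
                True, "corp-lan", 9, 30))
    print(check("alice", "train-control-engineer", "scada/hmi", "write",
                True, "corp-lan", 23))
```

The design point is that the absence of a matching rule is itself a decision (deny), and that a matching role is never sufficient on its own: the same engineer who is granted write access to the HMI from the corporate LAN at 09:30 is refused at 23:00 or from a VPN, which is the behaviour a centralized or decentralized RBAC deployment should exhibit regardless of which product enforces it.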

Implement continuous monitoring and detection policies and procedures. According to the TSA, this step will help “defend against, detect, and respond to cybersecurity threats and anomalies that affect critical cyber system operations.” Proactive solutions such as Intrusion Detection/Prevention Systems (IDPS), comprehensive system logging, application control, Security Information and Event Management (SIEM), and Managed Security Services are key to success here.
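As an added illustration of what "continuous monitoring and detection" looks like once firewall logs reach a SIEM or a script, the following Python (not from the article and not a SonicWall product) runs two checks over constructed syslog-style records: traffic that crossed a segmentation boundary the policy does not permit (flagged even when the firewall allowed it, because that means the deployed policy and the intended one differ), and a single source accumulating denied connections across many destination ports, which warrants an analyst's attention. The record format, zone names, addresses and threshold are all constructed assumptions.

```python
# Added example: detection logic over constructed firewall syslog-style
# records. Neither the record format nor the zone names are a SonicWall
# format; they stand in for whatever the SIEM normalizes logs into.
import re
from collections import defaultdict

# Constructed segmentation policy: zone pairs that are expected to talk.
# Any other cross-zone flow is an anomaly worth alerting on, even when the
# firewall allowed it, because policy and reality then disagree.
ALLOWED_FLOWS = {
    ("OT", "OT-DMZ"),
    ("OT-DMZ", "ENTERPRISE"),
    ("ENTERPRISE", "OT-DMZ"),
    ("ENTERPRISE", "INTERNET"),
}

# A single source denied on this many distinct destination ports is flagged.
DENY_PORT_THRESHOLD = 5

_KV = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse(line):
    """Parse 'key=value key="quoted value"' records into a dict."""
    return {k: v.strip('"') for k, v in _KV.findall(line)}


def detect(lines, allowed_flows=ALLOWED_FLOWS, threshold=DENY_PORT_THRESHOLD):
    """Return a list of alert dicts for the two checks described above."""
    alerts = []
    denied_ports = defaultdict(set)       # src -> set of denied dst ports
    for line in lines:
        rec = parse(line)
        if not rec:
            continue
        flow = (rec.get("srczone"), rec.get("dstzone"))
        if (rec.get("action") == "allow" and flow[0] != flow[1]
                and flow not in allowed_flows):
            alerts.append({
                "type": "segmentation-violation",
                "src": rec.get("src"), "dst": rec.get("dst"),
                "flow": "%s->%s" % flow,
                "ts": rec.get("ts"),
            })
        elif rec.get("action") == "deny":
            denied_ports[rec.get("src")].add(rec.get("dstport"))
    for src, ports in sorted(denied_ports.items()):
        if len(ports) >= threshold:
            alerts.append({"type": "repeated-deny", "src": src,
                           "distinct_ports": len(ports)})
    return alerts


# Constructed sample records (documentation and private address ranges only).
SAMPLE_LOGS = [
    'ts=2024-05-01T02:10:03Z action=allow srczone=OT dstzone=OT-DMZ src=10.20.0.15 dst=10.30.0.5 dstport=502',
    'ts=2024-05-01T02:10:09Z action=allow srczone=OT dstzone=INTERNET src=10.20.0.22 dst=203.0.113.9 dstport=443',
    'ts=2024-05-01T02:11:00Z action=deny srczone=ENTERPRISE dstzone=OT src=10.10.5.77 dst=10.20.0.15 dstport=22',
    'ts=2024-05-01T02:11:01Z action=deny srczone=ENTERPRISE dstzone=OT src=10.10.5.77 dst=10.20.0.15 dstport=23',
    'ts=2024-05-01T02:11:02Z action=deny srczone=ENTERPRISE dstzone=OT src=10.10.5.77 dst=10.20.0.15 dstport=80',
    'ts=2024-05-01T02:11:03Z action=deny srczone=ENTERPRISE dstzone=OT src=10.10.5.77 dst=10.20.0.15 dstport=443',
    'ts=2024-05-01T02:11:04Z action=deny srczone=ENTERPRISE dstzone=OT src=10.10.5.77 dst=10.20.0.15 dstport=502',
    'ts=2024-05-01T02:11:05Z action=deny srczone=ENTERPRISE dstzone=OT src=10.10.5.77 dst=10.20.0.15 dstport=8080',
    'ts=2024-05-01T02:12:00Z action=deny srczone=ENTERPRISE dstzone=OT src=10.10.5.80 dst=10.20.0.15 dstport=22',
    'ts=2024-05-01T02:12:30Z action=allow srczone=ENTERPRISE dstzone=INTERNET src=10.10.5.80 dst=198.51.100.3 dstport=443',
    'ts=2024-05-01T02:13:00Z action=allow srczone=ENTERPRISE dstzone=ENTERPRISE src=10.10.5.80 dst=10.10.5.9 dstport=445',
]

if __name__ == "__main__":
    for alert in detect(SAMPLE_LOGS):
        print(alert)
```

On the sample records the first check fires once (an OT host reaching the Internet directly, which the segmentation policy never intended) and the second fires once (one enterprise host denied on six different ports into the OT zone), while the single stray deny from another host stays below the threshold. The same shape of logic, with the real log format substituted, is what a SIEM correlation rule or an IDPS anomaly rule encodes.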

Reduce the risk of exploitation of unpatched systems. Security patches and updates for operating systems, applications, drivers, and firmware on critical cyber systems should be tested and applied as soon as feasible, based on infrastructure and corporate priorities. Vulnerability assessments can help establish that order. When formal patches aren’t yet available, virtual patching can reduce the risk of compromise by using firewall or IDPS rules to detect and block malicious behavior until updates are released.

SonicWall Can Help!

Whether it involves micro-segmentation, access controls, continuous monitoring or patching (including virtual patching), SonicWall can help meet each of these additional TSA cybersecurity requirements.

TSA Cybersecurity Mandate: Develop network segmentation policies and controls
Applicable SonicWall Solutions: SonicWall Next-Generation Firewalls (NGFW) can easily enable network segmentation via security zones or interfaces (physical or virtual). Each segment can be isolated and protected through security and routing policies. Additionally, our switches can provide enhanced network segmentation, allowing for local or cloud-based management.

TSA Cybersecurity Mandate: Create access control measures
Applicable SonicWall Solutions: All of our network security solutions provide least-privilege and RBAC to reduce the risk of unauthorized access. Zero Trust solutions, such as our Cloud Secure Edge (CSE) and Secure Mobile Access (SMA) enterprise-class remote access solutions, provide granular access to network resources based on various contexts, including role, device, time of day and location.

TSA Cybersecurity Mandate: Implement continuous monitoring and detection policies and procedures
Applicable SonicWall Solutions: SonicWall’s IDS/IPS monitors for and blocks known threats. Additional monitoring and detection capabilities are provided through Deep Packet Inspection (DPI) and our Real-Time Threat Intelligence via SonicWall Capture Labs. SonicWall’s Network Security Manager (NSM) enables traffic analysis and reporting across security devices. Finally, Syslog/SIEM support integrates seamlessly with various tools for centralized logging and alerting.

TSA Cybersecurity Mandate: Reduce the risk of exploitation of unpatched systems
Applicable SonicWall Solutions: SonicWall delivers automated firmware updates and alerts for vulnerabilities. NSM takes this a step further by providing a centralized dashboard to manage configurations, updates, and policy enforcement across distributed sites. The risk of exploitation of unpatched infrastructure systems can be further reduced through virtual patching capabilities, provided by SonicWall’s IPS and firewall policy engines, which can block threats even before official patches are applied.

Use Case Examples

  • Pipeline operators: Use SonicWall firewalls to segment SCADA from enterprise networks.
  • Rail companies: Deploy NSa Series appliances with Capture ATP for real-time threat detection at remote depots.
  • Airports: Implement SonicWall Secure Mobile Access (SMA) or Cloud Secure Edge (CSE) for secure remote access by third-party vendors and maintenance staff.

Bringing It All Together

The TSA’s mandates address critical cybersecurity needs by requiring the implementation of cybersecurity plans, developing network segmentation policies and controls, and enforcing access control measures. They also emphasize continuous monitoring and detection, along with reducing the risk of exploitation of unpatched systems — including through virtual patching where appropriate.

SonicWall offers solutions to help organizations meet these requirements, from segmentation and access control to advanced threat detection and secure remote access.

Resources

New Cybersecurity Requirements for Airport and Aircraft Operators — TSA, March 2023
Cybersecurity Requirements for Passenger and Freight Railroad Carriers — TSA, October 2022

An Article By

Leelin Thye

Senior Manager, Product Marketing

Leelin Thye is a Senior Manager of Product Marketing at SonicWall. She is CISSP certified and has been involved in the cybersecurity industry for more than ten years. Prior to SonicWall, Leelin was in Product Marketing at DigiCert and at Symantec. Her cybersecurity experience encompasses network security, authentication and access management, and software security.
