The United States is constantly under attack from bad actors, including nation states and financial opportunists. Threats to critical infrastructure and services such as public transportation can have far-reaching impacts on the economy, public safety, and national security.
Following the May 2021 ransomware attack on Colonial Pipeline, the Transportation Security Administration (TSA) issued its first pipeline security directives in 2021 and revised them in 2022 to bolster security for U.S. pipelines. These directives implement the broader federal effort to protect critical infrastructure from “degradation, destruction, or malfunctioning of systems that control this infrastructure.” [Reference: National Security Memorandum on Improving Cybersecurity for Critical Infrastructure Control Systems (July 28, 2021).]
In October 2022, TSA announced Security Directives 1580-21-01A, 1582-21-01A, and 1580/82-2022-01, extending the requirements to surface transportation systems and associated infrastructure such as freight railroads, passenger railroads, and rail transit systems. In March 2023, an emergency amendment extended the requirements to TSA-regulated airport and aircraft operators.
What is at the core of these security directives?
In summary, the directives mandate that impacted entities such as railroad, airline, and airport owners and operators must:
- Develop a TSA-approved implementation plan that describes the specific measures taken to achieve cybersecurity outcomes; and,
- Develop a TSA-approved assessment plan that describes how the specific measures will be assessed for effectiveness.
Specific measures outlined include the following actions:
- Implement network segmentation policies and controls to ensure that the Operational Technology system can continue to safely operate in the event that an Information Technology system has been compromised;
- Implement access control measures to secure and prevent unauthorized access to Critical Cyber Systems;
- Implement continuous monitoring and detection policies and procedures to detect cybersecurity threats and correct anomalies that affect Critical Cyber System operations; and,
- Reduce the risk of exploitation of unpatched systems through the application of security patches and updates for operating systems, applications, drivers, and firmware on Critical Cyber Systems in a timely manner using a risk-based methodology.
[Reference: Security Directive 1580/82-2022-01C]
Introducing Ordr…
Ordr is a comprehensive operational technology (OT) and IT asset discovery and classification solution that helps to ensure that only trusted systems can access the network. Ordr calculates risk based on device type, model, operating system, and patch status, and continuously monitors communications for threat activity and anomalous behavior. Ordr then dynamically groups devices based on organizational requirements and automatically generates and provisions network segmentation policies.
The following table lists the four specific measures in the TSA mandates in more detail and how Ordr helps to address each one.
| TSA Measure | Cybersecurity Measure Details | Ordr Solution |
| --- | --- | --- |
| 1 | Implement network segmentation policies and controls designed to prevent operational disruption to the Operational Technology system if the Information Technology system is compromised, or vice versa. | Ordr passively discovers and classifies all OT and IT devices on the network and automatically tracks the communications of every device: IT to IT, OT to OT, and all traffic between OT and IT. It dynamically generates segmentation policies and provisions them to switches, wireless controllers, and firewalls so that only safe and authorized communications are permitted between devices, regardless of their type or function. |
| 2 | Implement access control measures, including those for local and remote access, to secure and prevent unauthorized access to Critical Cyber Systems. | Ordr integrates with existing wired switches, wireless controllers, firewalls, and Network Access Control (NAC) solutions from leading vendors to enforce access controls that secure and prevent unauthorized access to Critical Cyber Systems. |
| 3 | Implement continuous monitoring and detection policies and procedures that are designed to prevent, detect, and respond to cybersecurity threats and correct anomalies affecting Critical Cyber Systems. | Ordr continuously monitors all device communications to establish baselines of normal behavior and automatically detects anomalies, suspicious activity, vulnerable communications, and internal and external threats. Ordr can respond dynamically by quarantining an attacking or infected system, blocking unauthorized or high-risk communications, or limiting access to vulnerable systems. |
| 4 | Reduce the risk of exploitation of unpatched systems through the application of security patches and updates for operating systems, applications, drivers, and firmware on Critical Cyber Systems consistent with the Owner/Operator’s risk-based methodology. | Ordr can directly or indirectly discover and track unpatched and vulnerable systems. As an agentless solution, Ordr does not apply patches itself; it integrates with industry-leading patch management, mobile device management (MDM), and vulnerability management solutions to verify that critical systems are patched, and dynamically updates its risk calculation based on vulnerability and patch status. |
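To make measures 1 and 3 concrete, here is a small worked illustration, added here and not Ordr's code, of the pattern the table describes: classify every device into a zone (IT or OT), learn which cross-zone conversations are normal during a trusted baseline window, render that baseline as a default-deny allowlist, and then flag anything outside it. Every device name, address, and flow record below is constructed for the example; the rule syntax is a generic placeholder, not any vendor's firewall language.

```python
"""Illustrative IT/OT segmentation baseline and anomaly check (added example).

Assumptions (constructed for the example): a device inventory with a zone per
device, and flow records as (src, dst, dport, proto) tuples such as a collector
would derive from NetFlow or switch SPAN traffic.
"""
from collections import namedtuple

Flow = namedtuple("Flow", "src dst dport proto")

# Constructed inventory: address -> (device name, zone). Zone drives policy.
INVENTORY = {
    "10.1.0.10": ("erp-app-01", "IT"),
    "10.1.0.20": ("eng-workstation-07", "IT"),
    "10.9.0.5": ("historian-01", "OT"),      # collector in the OT DMZ
    "10.9.1.11": ("plc-train-ctl-3", "OT"),
    "10.9.1.12": ("hmi-signal-2", "OT"),
}

def zone_of(addr):
    """Zone of a known device, or 'EXTERNAL' for any address not in inventory."""
    return INVENTORY.get(addr, (addr, "EXTERNAL"))[1]

def build_baseline(flows):
    """Learn the cross-zone conversations seen during a trusted window.
    Intra-zone traffic is deliberately not learned here; it is governed
    separately so that one stray flow cannot widen the IT<->OT policy."""
    baseline = set()
    for f in flows:
        if zone_of(f.src) != zone_of(f.dst):
            baseline.add((f.src, f.dst, f.dport, f.proto))
    return baseline

def evaluate(baseline, flows):
    """Classify observed flows against the baseline.
    Returns a list of (flow, verdict, action) in input order."""
    findings = []
    for f in flows:
        sz, dz = zone_of(f.src), zone_of(f.dst)
        if sz == dz and sz != "EXTERNAL":
            findings.append((f, "intra-zone", "allow"))
        elif (f.src, f.dst, f.dport, f.proto) in baseline:
            findings.append((f, "baselined cross-zone", "allow"))
        elif sz == "OT" and dz == "EXTERNAL":
            # An OT asset reaching an unknown host is a quarantine-grade anomaly.
            findings.append((f, "OT to external host", "quarantine-source"))
        else:
            # Any unlearned IT->OT or external->OT path is denied by default.
            findings.append((f, "unbaselined cross-zone", "block"))
    return findings

def render_rules(baseline):
    """Render the learned allowlist as generic firewall-style rules
    followed by the default-deny lines that make segmentation meaningful."""
    rules = [f"allow {proto} {src} -> {dst}:{dport}"
             for src, dst, dport, proto in sorted(baseline)]
    rules.append("deny any IT -> OT")
    rules.append("deny any EXTERNAL -> OT")
    return rules

# Constructed baseline window: the historian pushes data to ERP, and an
# engineering workstation reads from the historian; nothing from IT touches a PLC.
BASELINE_FLOWS = [
    Flow("10.9.0.5", "10.1.0.10", 443, "tcp"),
    Flow("10.1.0.20", "10.9.0.5", 443, "tcp"),
    Flow("10.9.1.11", "10.9.1.12", 502, "tcp"),
]

# Constructed later observation: an ERP host talks Modbus straight to a PLC,
# and a PLC opens a connection to an address outside the inventory.
OBSERVED_FLOWS = [
    Flow("10.1.0.10", "10.9.1.11", 502, "tcp"),
    Flow("10.1.0.20", "10.9.0.5", 443, "tcp"),
    Flow("10.9.1.11", "10.9.1.12", 502, "tcp"),
    Flow("10.9.1.11", "198.51.100.7", 443, "tcp"),
    Flow("10.9.0.5", "10.1.0.10", 443, "tcp"),
]

if __name__ == "__main__":
    baseline = build_baseline(BASELINE_FLOWS)
    print("\n".join(render_rules(baseline)))
    for flow, verdict, action in evaluate(baseline, OBSERVED_FLOWS):
        print(f"{action:18} {verdict:22} {flow.src} -> {flow.dst}:{flow.dport}")
```

Two caveats a practitioner would apply before provisioning anything like this: a learned baseline is only as trustworthy as the window it was learned in, so the allowlist should be reviewed by the people who own the OT process before it is pushed to enforcement points, and the default-deny lines at the end are what actually deliver the "continue to safely operate if IT is compromised" outcome; an allowlist without them is just documentation.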
For additional information on how Ordr can accelerate compliance with TSA cybersecurity mandates for critical infrastructure to protect public transportation for airlines, railroads, rail systems, and pipelines, contact us to discuss further.