The Transportation Security Agency (TSA) has released its first Cybersecurity Roadmap to prioritize cybersecurity measures within the TSA and the nation’s transportation system, the Transportation Systems Sector (TSS). The TSA’ Cybersecurity Roadmap closely aligns with the more general DHS Cybersecurity Strategy published earlier this year.
The roadmap notes that TSA’s mission responsibilities include: (1) securing its own networks, and (2) working with its partners and TSS stakeholders, in coordination with the Department of Homeland Security (DHS), to secure its cyberspace. In order to ensure cybersecurity resiliency in the private sector portion of TSS, TSA will work with the DHS’ newly created Cybersecurity and Infrastructure Security Agency (CISA).
This roadmap identifies four priorities, together with goals and objectives to accomplish each, that TSA will use to successfully execute its cybersecurity responsibilities. These priorities are:
- Identifying cyber security risks;
- Reducing vulnerabilities to TSA systems and critical infrastructure across the TSS;\
- Mitigating consequences if and when incidents do occur; and
- Strengthening security and ensure the resilience of the system.
The priorities are part of the TSA’s recognition that that the “growing interconnectivity of cyber and physical systems within critical infrastructure creates the potential risk for malicious cyber activity to result in direct physical consequences.” As a result, TSA Administrator David P. Pekoske stated that “we must be prepared to respond to cyber threats with the same level of success as we do when faced with physical threats.”
The Cybersecurity Roadmap is a key piece of the TSA strategy to improve security and safeguard the nation’s transportation system, and lessons drawn from the roadmap could be equally applicable to other systems and industries.