The U.S. Transportation Security Administration (TSA) is taking proactive measures to protect the nation’s transportation system by issuing new cybersecurity requirements for airports and aircraft operators. These emergency actions from TSA are part of the plan to increase the cyber resiliency of critical infrastructure and prevent their degradation or disruption. CrowdStrike’s own best practices and solutions for protecting business operations and critical infrastructure support key objectives outlined by TSA. 

TSA has mandated improvements in the following actions:

1. Develop network segmentation policies and controls to ensure that operational technology (OT) systems can continue to safely operate in the event that an information technology (IT) system has been compromised, and vice versa.
2. Create access control measures to secure and prevent unauthorized access to critical cyber systems.
3. Implement continuous monitoring and detection policies and procedures to defend against, detect and respond to cybersecurity threats and anomalies that affect critical cyber system operations.
4. Reduce the risk of exploitation of unpatched systems through the application of security patches and updates for operating systems, applications, drivers and firmware on critical cyber systems in a timely manner using a risk-based methodology.

Airport and aircraft operators run complex networks of integrated IT and OT systems to move passengers and freight safely and efficiently across the country. Adversaries, on the other hand, are looking to disrupt those operations and compromise those systems, creating the need for increased cybersecurity resiliency and controls.

CrowdStrike serves hundreds of customers in the transportation industry, and our unified CrowdStrike Falcon^® platform together with CrowdStrike Services can deliver a comprehensive solution needed to address the new cybersecurity requirements issued by TSA. 

CrowdStrike Delivers on Cyber Resiliency to Meet TSA Requirements

CrowdStrike tracks more than 200 adversaries across the globe, with almost half of those threat actors actively targeting the transportation, aerospace and aviation industries. We maintain extensive threat intelligence on the trends, tactics and techniques used by these threat actors to exploit, disrupt and threaten the nation’s transport systems.

CrowdStrike can help airport and aircraft operators gain a deeper understanding of their threat landscape and meet the TSA mandates to enhance their cyber resiliency against the threat actors that are looking to execute destructive attacks. 

CrowdStrike helps transportation organizations increase their cyber resiliency and achieve the following business outcomes:

• Operational and Cost Efficiencies: 
  • Consolidate multiple disparate security tools with a single unified security platform.
  • Deliver expertise at scale focused on hunting, response and remediation, enabling organizations to focus on their core mission (moving people and goods globally).
  • Test their cybersecurity controls and practices with real-world breach scenarios to better prepare their organization against threat actors.
  • Reduce the operational cost to deliver a robust cybersecurity solution with fortified security posture across the IT/OT environment.

• Security Efficiencies:
  • Effectively segment their network with the right firewall policies and controls.
  • Detect anomalous user activity and credential misuse.
  • Enforce multifactor authentication (MFA) when suspicious user behavior is detected.
  • Continuously hunt for threats including zero-day attacks and hands-on-keyboard activity and respond to a breach with speed and precision.

With our single lightweight Falcon agent, we gather the necessary security telemetry and events into the Falcon platform to address the TSA mandate in a unified manner: network segmentation, access control, continuous monitoring and detection, and system patching.

Network Segmentation

• CrowdStrike Falcon^® Firewall Management enables network segmentation through the creation, management and enforcement of firewall policies and controls with a simple, centralized approach across your IT and OT environment.
• CrowdStrike’s Red Team Exercises can test that the network segmentation policies and controls are working as intended and that threat actors are unable to move laterally and penetrate different segments of the network.

Access Control

• CrowdStrike Falcon^® Identity Protection prevents unauthorized access to critical cyber systems and reduces the opportunity for privilege escalation by threat actors using compromised credentials. The solution will monitor and harden your Active Directory environment. providing better identity protection. 
  • Given that more than 80% of today’s threats begin with compromised credentials, go one step beyond identity and access management with the integration of leading identity provider solutions like Okta and Ping, and use Falcon Identity Protection to deliver conditional-based access that enforces multifactor authentication when suspicious user activity is detected on the network. 

Continuous Monitoring and Detection

• CrowdStrike Falcon^® Complete is our fully managed detection and response (MDR) service for endpoints, cloud workloads, identities and data logging, using highly skilled CrowdStrike experts to administer the platform, respond to incidents and hunt for threats 24/7. For organizations that lack the skills and resources to enhance their level of resilience in a timely manner, then Falcon Complete is the best solution.
• CrowdStrike Falcon^® Insight XDR delivers industry-leading detection and response capabilities for your IT environment across your endpoints and cloud workloads. This AI-powered solution has powerful detection policies and automated response procedures for both malware and malware-free attacks, stopping the majority of breaches in real time.
• CrowdStrike^® Falcon OverWatch^™ is our human threat hunting service that delivers continuous monitoring and hunting for those “hard to detect, never seen before” zero-day attacks and hands-on-keyboard activity that can evade even the best automated detection solutions. Our expert hunters relentlessly scour for unknown and advanced threats targeting your organization.
• CrowdStrike Falcon Insight XDR plus NDR like Corelight delivers network detection and response (NDR) for your IT and OT environment including operational control systems and other anomalous devices on the network. This added layer of network protection aggregates network detections together with endpoint and cloud workload detections to give you complete visibility to threat activity and threat severity in a single Falcon console.
• CrowdStrike Falcon^® Cloud Security delivers unified visibility and security for hybrid and multi-cloud environments in a single CNAPP platform. Falcon Cloud Security secures workloads, containers and serverless environments with one-click deployment through a unified agent and agentless platform. Falcon Cloud Security is also an offering of the Falcon Complete managed service.

System Patching

• CrowdStrike Falcon^® Spotlight vulnerability management identifies unpatched systems and updates required to the OS, applications, drivers and firmware. Falcon Spotlight utilizes scanless vulnerability assessment technology, delivering always-on, automated vulnerability management that prioritizes risks in real time. 
• CrowdStrike Falcon^® Discover IT hygiene provides the additional benefit of a complete asset inventory with visibility across the network. Many breaches occur on unprotected devices on the network, so having the real-time visibility into managed and unmanaged devices on the network will help in discovering, prioritizing and patching systems to mitigate risk of exposure.  
• CrowdStrike’s Technical Risk Assessment will deploy Falcon Spotlight and Falcon Discover and provide you with prioritized actionable recommendations to improve IT hygiene across your environment.

Achieve the Next Level of Cyber Resilience and Cost Savings

Transportation organizations using the CrowdStrike Falcon platform experience significant reductions in security costs through the use of our consolidated platform and single-pane-of-glass approach. One customer, for example, reduced security costs by 75% and saw malware attacks plummet from being a daily occurrence to now being a rare occurrence. Also, remediation time for an incident shrunk from between 8 and 48 hours down to less than one hour with the Falcon platform — enabling defenders to operate at the speed of an adversary. 

By choosing the Falcon Complete managed detection and response (MDR) service, the organization was able to get rid of all of the extraneous security applications that were installed on users’ computers, overcome the lack of security expertise in the organization and save money. The full Falcon Complete portfolio offers MDR for endpoint security, cloud workload security, identity protection and data logging, leveraging the full power of the Falcon platform. 

Test Your Cyber Resilience Against Sophisticated Threat Actors

CrowdStrike Services offers a comprehensive portfolio of incident response (IR) and proactive advisory services. These services are available under a Services Retainer, which provides on-demand access to a full portfolio of services. Our Services team has extensive experience helping aviation and transportation organizations of all shapes and sizes prepare to defend against sophisticated adversaries, respond to attacks with speed and precision, and fortify their cybersecurity practices and controls with actionable recommendations for improvements. These services include:

• Incident Response to respond to a breach and contain the attack
• Endpoint Recovery to recover from an attack with speed and precision
• Security Assessments to help fortify your cybersecurity practices and controls
• Tabletop Exercises to test your IR plans and playbooks through roundtable discussions to see how your team would respond to a specific attack scenario
• Red Team / Blue Team Exercises to simulate an advanced attack on your IT/OT environment and test your defenses and response capabilities to see how they stand up
• Pen Testing to test critical components of your infrastructure to see if it can withstand an attack

With the CrowdStrike Falcon platform and CrowdStrike Services, you can address the new TSA cybersecurity requirements, improve your security posture and defend against sophisticated cyber threats. To learn more, contact us or take a free trial. 

Additional Resources

• Get back to business faster with CrowdStrike Incident Response Services.
• Get on demand access to security experts with a CrowdStrike Services Retainer.
• Protect your users from credential misuse with CrowdStrike Falcon Identity Protection.
• Monitor threats with continuous hunting from CrowdStrike Falcon OverWatch.
• Achieve higher cyber resilience faster with CrowdStrike Falcon Complete.