Felipe Contin Sampaio 3:26 PM (0 minutes ago) to me

BR +55 11 3069 3925 | USA +1 469 620 7643

New cybersecurity requirements from the Transportation Security Administration (TSA) in the United States

by | Apr 13, 2023 | Uncategorized | 0 comments

On the last March 7th, the Transportation Security Administration (TSA) issued a new emergency amendment requiring regulated airlines and airports to increase their capacity to face cyber attacks. The measure was taken less than a week after the United States government announced its national cyber security strategy, following similar requirements directed at freight and passenger rail carriers.

According to the issued statement, TSA’s priority is to protect the United States transportation system, working collaboratively with stakeholders and offering safe, secure, and efficient travel. This was necessary due to hackers who have attacked the aviation industry using different invasion methods.

In July 2022, American Airlines was a victim of a phishing attack, granting unauthorized access to its IT environment. In addition, various airports in the United States were targeted by DDoS attacks in October of the same year.

For this reason, regulated entities affected by the TSA must promote the following actions:

  • Develop network segmentation policies and controls, ensuring that operational technology systems continue to function securely in case of a compromise of IT;
  • Create access control measures, protecting critical systems from unauthorized access;
  • Implement continuous monitoring and detection policies and procedures to identify and respond to cyber security threats and anomalies; and
  • Reduce the risks of exploitation of uncorrected systems by applying security patches and updates on operating systems, applications, drivers, and firmware through a risk-based methodology.

Previously imposed requirements for aircraft operators and airports include establishing a cyber security point of contact, developing and adopting a cyber security incident response plan, conducting a cyber security vulnerability assessment, and reporting significant cyber security incidents to the Cybersecurity and Infrastructure Security Agency (CISA).


In conclusion, the new amendment issued by the TSA is their latest effort to ensure that transportation operators improve their ability to address cyber threats. In this article, we covered its goals and importance.

Are you enjoying this post? Join our Newsletter!

Newsletter Blog EN

9 + 2 =

We will send newsletters and promotional emails. By entering my data, I agree to the Privacy Policy and the Terms of Use.


According to Cybersecurity Ventures, the world ended 2020 with 300 billion passwords to protect. And the trend shows this number will increase dramatically. Email accounts (personal and professional), banking services, corporate systems, devices, and applications are some examples that require authentication through passwords. And with the increase in the number of data leaks, it is easy to find compromised credentials on forums on the dark web being sold for pennies.

And yes, we know that it is not easy to manage so many passwords. Even the most tech-savvy can struggle to manage and protect credentials in so many different environments. In times of personal data protection legislation, such as LGPD and GDPR, ensuring the protection of such data has become more than a security requirement – it is a business must.

Despite all the risks associated with their use, many users and companies use passwords that are easy to guess, such as numbers or sequential letters (123456 or abcdef). SolarWinds itself, the victim of a serious attack on its supply chain, was using the password solarwinds123 in its infrastructure. Certainly, your email password or mine is stronger than the one used by this American technology company.

So, on this World Password Day, here are some tips that should be considered by users to keep their data protected:

  1. Use long and complex passwords. This prevents hackers from using techniques to guess them. However, just using complex passwords may not be enough to protect them from hackers.
  2. Many devices are configured with default passwords. Change them immediately.
  3. Avoid reusing your passwords on different accounts. Also, constantly check if you have already been the victim of a data leak through senhasegura Hunter. If so, change your passwords immediately.
  4. Configure your passwords to be changed frequently. The ideal is at least every 3 months.
  5. Do not write down, store in an easily accessible place, or share your passwords with others, thus avoiding unauthorized access.
  6. Consider password management solutions, or even privileged access management (PAM), to manage the use of systems and devices.
  7. Use Multiple-Factor Authentication (MFA) mechanisms to add a layer of security to your accounts.
  8. Set up means of retrieving access, such as including phone numbers or emails.

Passwords are one of the oldest security mechanisms in the computing world and are also one of the main attackvectors by hackers. And in the “new normal” era, with increasing threats resulting from the covid-19 pandemic, it is vital that users be alert and properly protect their digital identities. In this way, we can avoid cyberattacks that can cause considerable damage not only to people, but also to companies. And on this World Password Day, remember: security starts with you!

The main causes of data leaks

Data leaks occur whenever a user or organization has their sensitive information exposed, putting the security and privacy of companies and people at risk. Know more! The Data Breach Investigation Report 2022, conducted by the Ponemon Institute, provides an overview...

What is the SOC 2 report and why is it important for senhasegura?

SOC 2 provides a report after completing the audit. Recently, senhasegura conquered this milestone, providing details on the principles of confidentiality, processing integrity, availability, and information security. Want to know more about this subject? Read our...

What is a lateral movement attack and how does it occur?

A lateral movement attack occurs when the cybercriminal gains access to an initial target to move between devices within the network without their presence being noticed. In this article, we explain in detail what side threats are and how to avoid them. Want to know...

Why are government organizations favorite targets for cybercriminals?

The government segment was one of the most attacked by hackers in the last quarter of 2022. Learn more! In recent years, malicious actors have demonstrated a propensity to attack government organizations, including through ransomware, although governments are not...

Building a Ransomware Incident Response Plan

Ransomware is a type of cyberattack where malicious attackers lock down their victims' computers and demand a ransom to unlock. In this, we show you how to create a response plan for incidents involving ransomware. Want to know everything about it? Read our text until...