On March 7, 2023, days after the release of President Joe Biden's National Cybersecurity Strategy, the U.S. Transportation Security Administration (TSA) issued an emergency cybersecurity amendment to the security programs of certain regulated airport and aircraft operators. The amendment can significantly affect IT, security, and compliance teams in this industry. If your organization is subject to it, this blog explains how Qualys can help you comply with TSA's emergency cybersecurity requirements quickly and with minimal disruption.
TSA representatives have stated that the emergency action responds to "persistent cybersecurity threats against U.S. critical infrastructure, including the aviation sector." TSA-regulated entities must develop a TSA-approved implementation plan that improves cybersecurity resilience and prevents disruption and degradation of critical infrastructure, must proactively assess the effectiveness of those measures, and must take the following four actions:
- Develop network segmentation policies and controls to ensure that operational technology systems can continue to safely operate in the event that an information technology system has been compromised, and vice versa;
- Create access control measures to secure and prevent unauthorized access to critical cyber systems;
- Implement continuous monitoring and detection policies and procedures to defend against, detect, and respond to cybersecurity threats and anomalies that affect critical cyber system operations; and
- Reduce the risk of exploitation of unpatched systems through the application of security patches and updates for operating systems, applications, drivers and firmware on critical cyber systems in a timely manner using a risk-based methodology.
How Qualys Can Help
The Qualys Cloud Platform is built on comprehensive Vulnerability Management (VM) capabilities, including its own asset inventory, threat database, and attack surface management. The apps relevant to TSA compliance are delivered via one platform, managed from one dashboard, and deployed with a single agent. The table below maps each TSA requirement to the Qualys Cloud Platform apps that can address it:
| TSA Requirement | Qualys Solution | Qualys Platform Product(s) |
|---|---|---|
| Requirement #1: Develop network segmentation policies and controls to ensure that operational technology systems can continue to safely operate in the event that an information technology system has been compromised, and vice versa | This requirement is primarily about network equipment, but with the Qualys Cloud Agent customers can continuously validate that devices in different network segments cannot "see" each other. This confirms that current policies hold and that future deliberate or accidental changes to network settings do not undermine the requirement. When a gap is detected, it can be flagged as a custom vulnerability and added to VMDR reports and dashboards, so segmentation findings flow through your existing vulnerability management workflows. VMDR for OT can also be used as part of a defense-in-depth strategy to keep OT systems operating despite compromises elsewhere in the network. | Qualys Policy Compliance (PC); Qualys Custom Assessment and Remediation |
| Requirement #2: Create access control measures to secure and prevent unauthorized access to critical cyber systems | A secure access control policy is critical for both corporate IT and cloud resources. Using Qualys compliance solutions for cloud SaaS applications (e.g., Office 365, Google, Salesforce) and for corporate IT resources, customers can validate and enforce access control, user authentication, and password policies, confirm that access control is always configured correctly and enforced, and receive alerts on future changes that could weaken those controls. Qualys Total Cloud can also identify cloud misconfigurations to remediate before they lead to unauthorized access. | Qualys Policy Compliance (PC); Qualys SaaS Detection & Response |
| Requirement #3: Implement continuous monitoring and detection policies and procedures to defend against, detect, and respond to cybersecurity threats and anomalies that affect critical cyber system operations | Using the same agent that performs vulnerability scanning and patch and configuration assessment, Qualys Endpoint Security continuously monitors endpoint activity to detect and stop cybersecurity threats. It includes multiple layers of protection, each designed to stop specific types of threats, tools, or techniques across multiple stages of an attack. By automatically correlating malware incidents, CVEs, and patches, organizations can prevent follow-on attacks by immediately remediating actively exploited vulnerabilities. In addition, Qualys File Integrity Monitoring (FIM) generates real-time alerts on unauthorized changes to systems that are mission-critical to airport operations. | Qualys Policy Compliance (PC); Qualys Endpoint Security; File Integrity Monitoring |
| Requirement #4: Reduce the risk of exploitation of unpatched systems through the application of security patches and updates for operating systems, applications, drivers and firmware on critical cyber systems in a timely manner using a risk-based methodology | With Qualys industry-leading vulnerability scanning and TruRisk prioritization, the Qualys Cloud Platform provides the industry's most accurate risk-based prioritization. By combining that risk-based methodology with fully integrated patch capabilities, the platform lets customers efficiently patch vulnerable Linux, macOS, and Windows systems. Qualys remediation can complement your SCCM/WSUS deployment and, if needed, integrate with your existing remediation workflows so security and IT teams can leverage the same platform investment. This helps you quickly address most unpatched systems and demonstrate compliance. Customers using Qualys Patch Management with its automation report a nearly two-times faster mean time to remediation (MTTR). | Qualys Patch Management; Qualys Vulnerability Management, Detection, and Response (VMDR) |
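The segmentation check described for Requirement #1 comes down to one question: can a host in zone A reach a host in zone B when policy says it must not? The script below is an added illustration of that check and is not Qualys code, nor a description of how the Qualys Cloud Agent implements it. The zone address ranges, the allowed-flow policy, and the probe results are all constructed for the example; in a real deployment they would come from your own IT/OT inventory and from probes run inside each segment.

```python
"""Validate observed IT/OT reachability against a zone segmentation policy.

Added example, not Qualys code. Zone names, address ranges, the allowed-flow
policy and the sample probe results are constructed for illustration.
"""
import ipaddress
import socket

# Constructed policy: which address ranges belong to which zone.
ZONES = {
    "it": [ipaddress.ip_network("10.10.0.0/16")],
    "ot": [ipaddress.ip_network("10.20.0.0/16")],
    "jump": [ipaddress.ip_network("10.30.0.5/32")],
}

# Constructed policy: the only permitted cross-zone flows, as (source zone,
# destination zone). Any other cross-zone flow that proves reachable is a
# violation. Intra-zone traffic is out of scope for this check.
ALLOWED_FLOWS = {("it", "jump"), ("jump", "ot")}


def zone_of(ip):
    """Return the zone containing ip, or None if the address is in no zone."""
    addr = ipaddress.ip_address(ip)
    for zone, nets in ZONES.items():
        if any(addr in net for net in nets):
            return zone
    return None


def tcp_reachable(dst_ip, port, timeout=1.0):
    """Live probe: True if dst_ip answers on port at all.

    A refused connection still proves the path is open at the network layer
    (only a host firewall or closed port stopped it), so it counts as
    reachable. Only a timeout, i.e. a filtered path, counts as blocked.
    """
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((dst_ip, port))
            return True
        except ConnectionRefusedError:
            return True
        except OSError:  # includes socket.timeout
            return False


def probe_from_here(src_ip, targets, probe=tcp_reachable):
    """Run probes from this host and return observations for evaluate()."""
    return [(src_ip, dst, port, probe(dst, port)) for dst, port in targets]


def evaluate(observations):
    """observations: iterable of (src_ip, dst_ip, port, reachable).

    Returns a list of findings. A finding is either a reachable cross-zone
    flow that the policy does not allow, or an address that belongs to no
    zone (an inventory gap, which is itself worth reporting).
    """
    findings = []
    for src, dst, port, reachable in observations:
        src_zone, dst_zone = zone_of(src), zone_of(dst)
        if src_zone is None or dst_zone is None:
            findings.append({"type": "unassigned", "src": src, "dst": dst, "port": port})
            continue
        if src_zone == dst_zone:
            continue
        if reachable and (src_zone, dst_zone) not in ALLOWED_FLOWS:
            findings.append({"type": "segmentation_violation", "src": src, "dst": dst,
                             "port": port, "flow": f"{src_zone}->{dst_zone}"})
    return findings


# Constructed probe results, as scanners in each zone might record them.
SAMPLE_OBSERVATIONS = [
    ("10.10.1.15", "10.30.0.5", 22, True),    # IT -> jump host: allowed
    ("10.10.1.15", "10.20.4.7", 502, True),   # IT -> OT Modbus directly: violation
    ("10.10.1.15", "10.20.4.8", 502, False),  # IT -> OT blocked: compliant
    ("10.20.4.7", "10.10.1.15", 445, True),   # OT -> IT SMB: the "vice versa" case
    ("10.30.0.5", "10.20.4.7", 502, True),    # jump -> OT: allowed
    ("10.10.1.15", "192.168.9.9", 80, True),  # address in no zone: inventory gap
]

if __name__ == "__main__":
    for finding in evaluate(SAMPLE_OBSERVATIONS):
        print(finding)
```

Each finding from `evaluate()` is the kind of record you would turn into a custom vulnerability so that it appears in the same reports and dashboards as other findings; the "vice versa" direction (OT reaching IT) is tested explicitly, because a one-way check misses half of the requirement. Note that `tcp_reachable()` deliberately treats a refused connection as reachable: a closed port on the far host is not segmentation.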
More About the Qualys Cloud Platform
The Qualys Cloud Platform is one of the few security and compliance platforms with a FedRAMP Authorization to Operate (ATO) at the Moderate impact level. Qualys was selected by the Department of Homeland Security (DHS), TSA's parent department, to support 70 federal agencies under its Continuous Diagnostics and Mitigation (CDM) program. CDM supports government-wide and agency-specific efforts to deliver risk-based, consistent, and cost-efficient cybersecurity for federal civilian networks across all organizational tiers by:
- Reducing agency attack surfaces
- Increasing federal cybersecurity posture visibility
- Improving federal cybersecurity response capabilities
- Streamlining Federal Information Security Modernization Act (FISMA) reporting
The Qualys Cloud Platform is one of the most advanced security platforms available to federal, state, and local agencies, as well as to regulated private sector firms that must comply with TSA's required actions. It provides an entity-wide view of risk-based cybersecurity posture, with more than two dozen security and compliance applications fully integrated through a single, centralized interface and agent.
The platform also supports the federally mandated Zero Trust security model and many of the broader controls documented in NIST Special Publication 800-53 Revision 5.
To learn how your TSA-regulated entity can quickly comply with the new emergency amendment, visit Qualys today to start your free trial.
- Bill Reed, Qualys Product Marketing
- Eran Livne, Qualys Product Management
- Dave Buerger, Qualys Product Marketing