Cybersecurity Policy for Aviation and Internet Infrastructures

In this course we will examine the aviation and Internet infrastructures, and various policies that have been developed to help guide and strengthen their cybersecurity programs. The aviation and Internet infrastructures are also considered "lifeline infrastructure" as part of the transportation and communications sectors. Both subsectors are overseen by the Department of Homeland Security National Protection and Programs Directorate which manages the DHS National Infrastructure Protection Program. SSA responsibility for the aviation subsector is shared between the Transportation Security Administration and Federal Aviation Administration under the auspices of the Department of Homeland Security and Department of Transportation respectively. The Department of Homeland Security retains sole responsibility as the Sector-Specific Agency for the Internet subsector. While TSA and FAA have regulatory over the aviation subsector, DHS has no regulatory authority whatsoever over the Internet. In response to Executive Order 13636 issued by President Obama in February 2013, both sets of SSAs recommended continuing with voluntary cybersecurity measures. TSA and FAA reported they were working to implement the Transportation Roadmap across all transportation subsectors, including aviation. DHS reported that it was working with Internet providers to implement the Cyber Assessment Risk Management Approach. Despite some differences, the Transportation Roadmap and CARMA are very similar to the NIST Cybersecrity Framework and ES-C2M2 examined previously. That is to say, they are predicated on a continuous improvement process that engages the whole organization in identifying and implementing incremental changes to enhance cybersecurity practices based on prevailing standards. This module will examine both the aviation and Internet lifeline infrastructure subsectors, and elements and application of the Transportation Roadmap and CARMA.