Sen. Rosen requests info on cyber threats targeting aviation sector

Sen. Jacky Rosen (D-Nev.) is urging the federal government to identify steps it is taking to secure the aviation industry from cyberattacks.

In a letter addressed to the Department of Transportation and the Cybersecurity and Infrastructure Security Agency (CISA), Rosen asked the agencies to provide her with information regarding the recent cyberattacks that hit a dozen websites of major U.S. airports last week.

Killnet, a Russian-speaking hacking group, claimed responsibility for the attacks which targeted 14 airports, including the Atlanta and Los Angeles international airports.

The Atlanta international airport said the cyberattack did not impact operations and that an investigation was underway. 

Rosen, who chairs the Senate’s subcommittee on tourism, trade and export Promotion, said that the incident shows a “broader trend” of cyberattacks increasing in frequency and severity in the U.S. transportation sector. 

“While, reportedly, this incident did not directly impact airport operations, I am concerned that our nation’s aviation ecosystem remains vulnerable to debilitating cyberattacks, especially as malicious Russian state-sponsored cyber actors threaten additional cyberattacks on the nation’s critical infrastructure,” Rosen said. 

In the letter, Rosen listed several questions addressed to the agencies, including how they’re coordinating with potentially impacted companies, whether they’re mitigating cyber risks and providing technical assistance to airports and airlines and if they’re aware of additional and immediate cyber threats targeting the country’s aviation sector.

Rosen has been pushing the federal government to do more to protect critical infrastructure including the health care sector, which has seen a surge in ransomware attacks in the last few years. 

Earlier this year, she and Sen. Bill Cassidy (R-La.) introduced a bipartisan bill, The Healthcare Cybersecurity Act, that would require CISA and the Department of Health and Human Services to improve cybersecurity standards in the health care and public health sectors.

The legislation would also require both departments to share information with the private sector to increase cyber resilience.