TSA cybersecurity directives require demonstrated incident response capability. We test your ability to protect operational technology, coordinate across agencies, and maintain passenger safety.
Exercises designed for the multi-stakeholder complexity of transportation — airlines, airport authorities, TSA requirements, FAA coordination, and OT systems that can't go offline.
Faster TSA notification and coordination in cyber incidents
TSA cybersecurity directive exercise requirements satisfied
Stakeholder groups coordinated in airport-wide simulations
From exercise to updated cybersecurity implementation plans
Why airports & transportation organizations are investing in structured exercise programs.
TSA Security Directives (SD-1580/82-2022-01) require pipeline and surface transportation operators to implement cybersecurity practices including incident response plan testing. Airport operators face increasing expectations.
Airports involve airlines, concessionaires, TSA, CBP, FAA, and local law enforcement — all sharing infrastructure. A cyber incident affecting one stakeholder can cascade across the entire facility.
Baggage handling, access control, HVAC, fire suppression, and airfield lighting systems are increasingly connected. Compromising these systems has immediate physical safety implications.
Flight delays, security screening disruptions, and system outages generate immediate media coverage and public concern. Crisis communication is inseparable from incident response.
Real adversary tactics we test against in every engagement.
Attacks targeting baggage handling, access control, passenger information displays, or airfield operations systems. Tests operational continuity and safety decisions.
Ransomware that spreads across shared airport infrastructure — affecting airlines, ground handlers, and airport authority systems simultaneously.
Compromise of physical access control systems — badge systems, secure area access, or credential management. Tests security response when physical and cyber converge.
Attacks targeting flight operations, crew scheduling, or reservation systems — testing coordination between airline and airport response teams.
Exfiltration of passenger data, employee records, or security-sensitive facility information. Tests notification requirements and regulatory coordination.
Combined cyber disruption and physical security threat — testing your ability to coordinate multiple response protocols simultaneously.
Custom-designed for airports & transportation environments. Every scenario is MITRE ATT&CK-mapped.
Ransomware encrypts airport authority network — baggage handling, flight displays, and access control affected
Attacker compromises physical access control system — secure area badge access can no longer be verified
Airline reservation system outage during peak travel — manual check-in required for 50+ flights
Nation-state actor establishes persistence in airfield operations network — detected by TSA tip
Coordinated cyberattack during major weather event — flight operations and emergency coordination impacted
Third-party ground handler breach compromises shared network infrastructure across multiple airlines
Phishing campaign targets airport authority IT staff — VPN credentials compromised
HVAC/building management system compromise during extreme heat — terminal operations at risk
We understand multi-stakeholder transportation environments — exercises coordinate across airlines, airport authority, TSA, and law enforcement
TSA cybersecurity directive alignment — exercise documentation satisfies regulatory requirements
OT-focused scenarios that test baggage handling, access control, and airfield operations incident response
Scenarios built from real attacks on transportation infrastructure and CISA advisories
We test the coordination decisions: who leads response, when to notify TSA, when to ground flights
Multi-agency crisis simulations that practice the coordination gaps most airports have never tested
Experience across commercial airports, transit authorities, port operations, and rail operators
Deliverables satisfy cybersecurity implementation plan requirements and board governance expectations
Start where your organization is. Build from there.
First structured exercise with full capability assessment.
Maturity scoring, playbook recommendations, executive accountability.
Full-day executive crisis simulation with remediation roadmap.
A 30-minute scoping call is all it takes. We'll learn your environment and design an exercise that builds real operational readiness.