On September 6, 2018, two subcommittees of the U.S. House of Representatives Homeland Security Committee held a joint hearing entitled “Understanding Cybersecurity Threats to America's Aviation Sector,” with private sector witnesses testifying on current cybersecurity threats facing the aviation sector, as well as industry collaboration with the Federal Aviation Administration (“FAA”), Department of Homeland Security (“DHS”) and other federal agencies.

In their opening statements, the Subcommittee Chairmen presiding over the hearing emphasized the importance of aviation industry stakeholders partnering with the government to identify and address cybersecurity threats. Given the scope and complexity of these evolving threats, Cybersecurity and Infrastructure Protection Subcommittee Chairman John Ratliffe (R-TX) noted that, “it becomes incumbent upon the Department of Homeland Security, Congress, and the private sector to work together to find ways to create resilient systems—to create redundancies—to share threat information.” He also cited the Aviation Cyber Initiative and DHS National Risk Management Center as examples of key public-private sector partnerships.

Although the hearing witness panel did not include federal government representatives, the three private sector witnesses engaged in a robust discussion with Subcommittee Members regarding how industry and government agency stakeholders can work together to address existing and emerging aviation cybersecurity threats. To emphasize the significant challenges facing U.S. airports and the need to consider mandatory minimum cybersecurity standards, Tampa International Airport’s General Counsel Michael Stephens cited an Airport Cooperative Research Program survey in which 34% of U.S. airport respondents reported having a national cybersecurity standard or framework in place. Rep. John Katko (R-NY), chairman of the Transportation and Protective Security Subcommittee, called the survey results “frightening” and said it would be “absolutely ridiculous that we countenance that.”

In another line of questioning, Rep. Jim Langevin (D-RI) and Rep. Mike Gallagher (R-WI) asked the witnesses what Congress could do to incentivize more information sharing from aviation industry stakeholders with DHS and other relevant agencies. The Chief Intelligence Strategist for cybersecurity at FireEye, Christopher Porter, testified that the most effective means of defending against cyberespionage is “rapid, detailed information sharing with context.” While recognizing existing information sharing between government and industry partners, he stressed the need to improve on the “timeliness” of shared information. In addition, Mr. Stephens, highlighted the importance of improved information sharing, suggesting that, “mandating a minimum common standard and enhancing opportunities to share critical cybersecurity threat intelligence in a timely manner, will ultimately result in greater industry wide capability to combat cyber security risks.”