The Transportation Security Administration (TSA) in the United States has required key rail infrastructure operators to notify the Cybersecurity and Infrastructure Security Agency (CISA) of any cybersecurity issues within 24 hours. The TSA also requires firms involved in ‘high-risk’ freight railways, passenger rail, and rail transit to designate a cybersecurity coordinator, according to a set of security instructions published on December 2.
The cybersecurity coordinator will notify the TSA and CISA, and will be in charge of developing and implementing a cybersecurity incident response strategy, as well as completing a cybersecurity vulnerability assessment.
The Transportation Security Administration (TSA), part of the Department of Homeland Security (DHS), has published separate, voluntary recommendations proposing that lower-risk surface transportation owners and operators take the same precautions.
According to Secretary of Homeland Security Alejandro N. Mayorkas, these new cybersecurity regulations and suggestions will help keep the traveling public safe and defend vital infrastructure from growing threats. DHS will continue to collaborate with partners at all levels of government and the business sector to enhance the resilience of critical infrastructure across the country.
The aviation industry was also recently told to appoint a cybersecurity coordinator and report security problems to CISA within 24 hours. The TSA promises that further requirements are on the way. According to a DHS press release, the TSA plans to start a rule-making process for some surface transportation organizations to improve their cybersecurity resiliency.
The measures result from a 60-day transportation security ‘sprint,’ which comes after DHS sprints on ransomware, information security recruiting, and industrial control systems. Further sprints on election security and international capacity-building are to come.
While many in the information security sector will undoubtedly applaud the required regulations, Tara Wisniewski, executive VP of advocacy, global markets, and member engagement at infosec training organization (ISC)2, has previously stated that such steps are vital but insufficient.
Following a series of devastating cyber-attacks on government institutions and crucial infrastructure, President Biden has made cybersecurity a priority on his agenda. A broad executive order signed in May called for a reorganization of federal software procurement. It urged software companies to tell US federal government clients of security vulnerabilities as soon as possible.