US Dept. of Homeland Security Tightens Cybersecurity Measures in Transportation Sector

US Dept. of Homeland Security Tightens Cybersecurity Measures in Transportation Sector

The Transportation Security Administration (TSA) in the United States has mandated key rail infrastructure operators to update the Cybersecurity and Infrastructure Security Agency (CISA) of any cybersecurity issues within 24 hours. The TSA also requires firms involved in ‘high-risk’ freight railways, passenger rail, and rail transit to designate a cybersecurity coordinator, according to a set of security instructions published on December 2.

The cybersecurity coordinator will notify the TSA and CISA, and will be in charge of developing and implementing a cybersecurity incident response strategy, as well as completing a cybersecurity vulnerability assessment. 

The Transportation Security Administration (TSA), part of the Department of Homeland Security (DHS), has published separate, voluntary recommendations proposing that lower-risk surface transportation owners and operators take the same precautions.

As per the Secretary of Homeland Security Alejandro N Mayorkas, these new cybersecurity regulations and suggestions will assist in keeping the traveling public safe and defend vital infrastructure from growing threats. DHS will continue to collaborate with partners at all levels of government and the business sector to enhance the resilience of critical infrastructure across the country.

The aviation industry was also recently told to create a cybersecurity coordinator and report security problems to the CISA within 24 hours. The TSA promises that further requirements are on the way. According to a DHS press release, the TSA plans to start a rule-making process for some surface transportation organizations to improve their cybersecurity resiliency.

The measures are resulting from a 60-day transportation security ‘sprint,’ which comes after DHS sprints on ransomware, information security recruiting, and industrial control systems. There will be more election security and international capacity-building races to come.

While many in the information security sector will undoubtedly applaud the required regulations, Tara Wisniewski, executive VP of advocacy, global markets, and member engagement at infosec training organization (ISC)2, has previously stated that such steps are vital but insufficient.

Following a series of devastating cyber-attacks on government institutions and crucial infrastructure, President Biden has made cybersecurity a priority on his agenda. A broad executive order signed in May called for a reorganization of federal software procurement. It urged software companies to tell US federal government clients of security vulnerabilities as soon as possible.

About the author

CIM Team

CIM Team

CyberIntelMag is the trusted authority in cybersecurity, comprised of leading industry experts for over 20 years, dedicated to serving cybersecurity professionals. Our goal is to provide a one-stop shop for knowledge and insight needed to navigate throughout today’s emerging cybersecurity landscape through in-depth coverage of breaking news, tutorials, product reviews, videos and industry influencers.