The Transportation Security Administration (TSA) has recently announced a new cybersecurity security directive. The directive is issued in order to improve the cybersecurity of railroad operations and regulate passengers and freight railroad carriers.
The TSA announcement demonstrates the Biden-Harris Administration’s commitment to strengthening the cybersecurity of U.S critical infrastructure. The security directives will further improve the nation’s railroad operations’ cyber security preparedness and resilience, building on the TSA's work to fortify defenses in other modes of transportation.
Why are the new directives important?
The latest measures are taken by US officials following the series of ransomware attacks and hacking incidents in the past years.
In 2016, San Francisco Municipal Transportation Agency was targeted by a ransomware attack, which caused administrators to disable ticketing machines and turnstiles for metro stations for a weekend.
Last year, the US witnessed the disruptive potential of a cybercrime incident, where a major pipeline company had to halt its operations for days following a ransomware attack.
The new TSA directive instructs rails companies to report hacking incidents to the Department of Homeland Security, having a strategy in place to prevent a cyberattack from affecting their business operations.
The directive essentially focuses on creating access controls to prevent unauthorized access to critical systems.
The operators must ensure that these systems are constantly monitored and detected by policies and procedures. Additionally, they must also make sure that the operating systems, applications, drivers, and firmware of the critical systems are patched and up to date.
About the new directives, TSA Administrator David Pekoske said, “The nation’s railroads have a long track record of forward-looking efforts to secure their network against cyber threats and have worked hard over the past year to build additional resilience, and this directive, which is focused on performance-based measures, will further these efforts to protect critical transportation infrastructure from attack.”
“We are encouraged by the significant collaboration between TSA, FRA, CISA and the railroad industry in the development of this security directive.”
As per Anne Neuberger, a senior White House official, the US officials are also working on cybersecurity measures for the water and healthcare sectors. Alongside regulations for the communications sector, including emergency warning systems are also underway.
