In light of this year’s cyberattack on Colonial Pipeline and other critical infrastructure targets in the United States, the Department of Homeland Security’s Transportation Security Administration (TSA) component is prepping a new cybersecurity directive covering “high-risk” railroad operations, according to DHS Secretary Alejandro Mayorkas.
“To strengthen the cybersecurity of our railroads and rail transit, TSA will issue a new security directive this year that will cover higher-risk railroad and rail transit entities and require them to identify a cybersecurity point person; report incidents to CISA; and put together a contingency and recovery plan in case they become a victim of malicious cyber activity,” Mayorkas said October 7 at the Billington Cybersecurity Summit.
In addition to coordinating with industry as plans are developed, TSA will also issue separate guidance to encourage lower-risk surface transportation entities to take similar cybersecurity measures, and initiate a rulemaking process to develop a longer-term regime to strengthen cybersecurity and resilience in transportation.
“We are also advancing initiatives like CISA’s CyberSentry program, a voluntary partnership between government and business that helps us spot sophisticated threats early, understand how far they reach, share critical guidance, and collaborate with network defenders on responding swiftly and effectively,” Mayorkas said.
He added that cybersecurity will play a key role in the next cycle of the Federal Emergency Management Agency’s transportation-related grant programs, with funding driven toward those key efforts.
Mayorkas added that those moves “only scratched the surface” of what is being accomplished by the agency and the Biden administration in the cybersecurity arena.