The U.S. Government Accountability Office (GAO) suggests that the Transportation Security Administration (TSA) update its Baseline Assessment for Security Enhancement (BASE) cybersecurity template to reflect key cybersecurity practices.
Through this BASE template and the Transportation Sector Security Risk Assessment, TSA assess passenger rail risks by evaluating threats, vulnerabilities, and “consequence for attack scenarios across various transportation modes,” GAO said in a report.
Recent cyberattacks on the U.S. rail systems and in foreign cities led GAO to review and analyze TSA’s systems and highlight strengthening and securing passenger rails.
GAO made two recommendations to TSA, both of which the Department of Homeland Security concurred.
“The TSA Administrator should update the BASE cybersecurity template to ensure it reflects cybersecurity key practices, including the Detect and Recover functions outlined in the [National Institute of Standards and Technology] Cybersecurity Framework,” GAO recommended.