Department of Homeland Security (DHS) officials said the Transportation Security Administration (TSA) has unveiled Security Directives to address surface transportation systems and associated infrastructure cybersecurity threats.
“These new cybersecurity requirements and recommendations will help keep the traveling public safe and protect our critical infrastructure from evolving threats,” Secretary of Homeland Security Alejandro N. Mayorkas said. “DHS will continue working with our partners across every level of government and in the private sector to increase the resilience of our critical infrastructure nationwide.”
The Security Directives focus on higher-risk freight railroads, passenger rail, and rail transit. The requirements need to be issued immediately to protect transportation security.
The Directives include owners and operators designating a cybersecurity coordinator, reporting cybersecurity incidents to CISA within 24 hours, developing and implementing a cybersecurity incident response plan to reduce the risk of an operational disruption, and completing a cybersecurity vulnerability assessment as a means of identifying system gaps or vulnerabilities.
Additional TSA guidance, according to DHS, includes recommending all other lower-risk surface transportation owners and operators voluntarily implement the same measures. TSA also recently updated its aviation security programs to require airport and airline operators to also implement the provisions.
The TSA also intends to expand aviation sector requirements while issuing guidance to smaller operators.