News

TSA renews cybersecurity requirements for railroad carriers

On Monday, the Transportation Security Administration (TSA) announced it had renewed updates to security directives that regulate passenger and freight railroad carriers.

The revised directives, part of an effort to enhance the cybersecurity of surface transportation systems and associated infrastructure, were set to expire on Oct. 24 but have instead been renewed for one year, officials said. The renewed directives also include updates seeking to strengthen the industry against cyberattacks.

“The renewal is the right thing to do to keep the nation’s railroad systems secure against cyber threats, and these updates sustain the strong cybersecurity measures already in place for the railroad industry,” said TSA Administrator David Pekoske.

Developed after consultation from industry stakeholders and federal partners like the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) and the Department of Transportation’s Federal Railroad Administration, the security directives enhance cybersecurity for railroad operations across the country. The updates require TSA-specified passenger and freight railroad carriers to take action to protect their cyber infrastructure with a flexible, performance-based approach, consistent with TSA’s requirements for pipeline operators.

“TSA’s partnerships with CISA, FRA and the railroad industry have been, and will continue to be, instrumental in our work towards strengthening resilience and preventing harm,” Pekoske said.

The revised directives, Enhancing Rail Cybersecurity, and the revised SD series, Enhancing Public Transportation and Passenger Railroad Cybersecurity, include require testing a minimum of two objectives in covered owners and operators Cybersecurity Incident Response Plans every year. Additionally, the updates also require including employees identified as active participants in those plans as participants in the exercises.

A third updated directive, Rail Cybersecurity Mitigation Actions and Testing, also requires owners and operators to submit Cybersecurity Assessment Plans to TSA annually for review and approval, as well as report results from previous years using a schedule that assesses and audits specific cybersecurity measures every three years.

Liz Carey

Recent Posts

DHS publishes guidelines for securing critical infrastructure and weapons against AI threats

Mere days after the Department of Homeland Security formed a new Artificial Intelligence (AI) Safety…

13 hours ago

U.S. Army and European Command awards KBR $771M contract

KBR will continue to provide life support, equipment readiness, training and supply chain solutions for…

13 hours ago

Spectrum and National Security Act introduced to modernize spectrum policy, revamp FCC authority

In a bid to update federal spectrum and communications network policy, restore the auction authority…

2 days ago

Department of Homeland Security forms AI Safety and Security Board

As a new means to advise the Secretary of Homeland Security and stakeholders, and promote…

2 days ago

National security upgrades, pay raises and more pushed in Servicemember Quality of Life Improvement Act

Members of Congress recently paraded a mix of recommended updates to benefit military service members…

3 days ago

Embattled TikTok in jeopardy as President Biden signs legislative ban

The ByteDance-owned TikTok faces an uphill battle in the United States after President Joe Biden…

6 days ago

This website uses cookies.