Richmond, Virginia (AP) —The Department of Transportation Security has issued new directives and recommendations aimed at strengthening cybersecurity defenses for US rail and airport operators.
The Biden administration said the requirements, published Thursday, are part of a broader effort to protect the country’s critical infrastructure from an ongoing surge in cyber spying and devastating ransomware attacks.
“These new cybersecurity requirements and recommendations will help keep travelers safe,” Homeland Security Secretary Alejandro Mallorcas said in a statement. He had previously previewed the new regulation in October.
Under the new TSA directive, most passenger and freight rail operators identify cybersecurity point personnel, report incidents to the Cybersecurity and Infrastructure Security Agency within 24 hours, conduct vulnerability assessments, and perform malicious intent. You need to develop an emergency and recovery plan in the event of a cyber activity. They said they came into effect at the end of the year and the TSA has made similar changes to the requirements of airport operators.
The TSA said it recommends, but does not require, cybersecurity requirements for some small, low-risk rail and airport operators.
The new regulations are similar to those issued in May to pipeline operators following a Colonial Pipeline ransomware attack that disrupted gas supplies in some states.
Republican lawmakers have expressed concern that TSA has created a new cybersecurity directive without sufficient transparency and input from the affected industries.
“We believe we need to be careful to avoid the unnecessarily burdensome requirements of shifting resources from responding to cyberattacks to regulatory compliance,” a group of Republican senators said in October. A letter to the Senate asked for a review of the TSA process. To develop new cybersecurity regulations.
Victoria Newhouse, deputy administrator of the TSA, said at a parliamentary hearing Thursday that authorities were working closely with private industry officials in developing the regulation. She said she shared an intelligence report on cyber threats to the industry, including a confidential briefing with freight and passenger railroad executives earlier this week, and solicited regulatory views.
The Biden administration has been actively promoting more private sector reporting of cyber incidents to the federal government. The Department of Justice has recently announced that government contractors and other companies that have received U.S. government grants will sue if they do not report computer system breaches or misrepresent cybersecurity practices. rice field.
Suggest a fix
TSA needs railroads and airports to enhance cybersecurity | WGN Radio 720
Source link TSA needs railroads and airports to enhance cybersecurity | WGN Radio 720