DHS Announces New Cybersecurity Requirements for Surface Transportation Owners and Operators
The Department of Homeland Security’s (DHS) Transportation Security Administration (TSA) announced two new security directives for measures to strengthen cybersecurity resilience in the transportation industry to protect against threats to critical infrastructure. In a statement issued by DHS, Secretary of Homeland Security Alejandro Mayorkas stated, “These new cybersecurity requirements and recommendations will help keep the traveling public safe and protect our critical infrastructure from evolving threats.”
The new directives that need to be implemented under the TSA specify controls apply to freight railroads, passenger rails and rail transit. Other lower risk transportation operators are simply encouraged to voluntarily implement the controls. These controls require critical infrastructure transportation operators to:
- Designate a cybersecurity coordinator
- Report cybersecurity incidents to the Cybersecurity and Infrastructure Security Agency (CISA) within 24 hours;
- Develop and implement a cybersecurity incident response plan to reduce the risk of an operational disruption; and,
- Complete a cybersecurity vulnerability assessment to identify potential gaps or vulnerabilities in their systems.
In addition, the TSA updated directives for aviation security that require airports and airline operators to implement the first two controls of the directive above, designating a cybersecurity coordinator and reporting all cybersecurity incidents to CISA within 24 hours.
The press release can be found at: https://www.dhs.gov/news/2021/12/02/dhs-announces-new-cybersecurity-requirements-surface-transportation-owners-and
The various directives and cybersecurity resources can be found at: https://www.tsa.gov/for-industry/surface-transportation-cybersecurity-toolkit