DHS: Cybersecurity coordinators and vulnerability assessments mandatory for rail companies

The Department of Homeland Security (DHS) announced two new cybersecurity directives handed down by the Transportation Security Administration (TSA) on Thursday designed to better protect freight railroads and passenger rail transit in the US.

TSA said rail services are “higher risk” and that the new rules “need to be issued immediately to protect transportation security.”

The new rules make it mandatory for rail company owners and operators to have a cybersecurity coordinator, report cybersecurity attacks to CISA in 24 hours or less, and create a cybersecurity incident response plan. The rules also require owners to complete cybersecurity vulnerability assessments.

DHS also detailed voluntary measures to improve cybersecurity across the transportation sector following a series of attacks over the last two years. 

“These new cybersecurity requirements and recommendations will help keep the traveling public safe and protect our critical infrastructure from evolving threats,” said Secretary of Homeland Security Alejandro Mayorkas. “DHS will continue working with our partners across every level of government and in the private sector to increase the resilience of our critical infrastructure nationwide.” 

These are just the latest cybersecurity directives handed down by DHS this year, as the agency seeks to charge government-adjacent industries to improve their cybersecurity measures. 

Following multiple attacks on critical infrastructure

Read More: https://www.zdnet.com/article/dhs-releases-new-rules-for-rail-companies-forces-incident-reporting-to-cisa-in-24-hours-and-mandates-cybersecurity-coordinator-position/#ftag=RSSbaffb68