US Issues Cybersecurity Directive for Airlines and Railroads

US Issues Cybersecurity Directive for Airlines and Railroads

Nearly all railroads and airlines in the United States have been ordered to report cybersecurity breaches to the federal government. 

Under the new Transportation Security Administration–issued mandate, rail operators, airport operators, and airline operators will be required to report cybersecurity incidents to the Cybersecurity and Infrastructure Security Agency within 24 hours of detection.

All three types of operators will also have to designate a cybersecurity coordinator. The mandate applies to both passenger and freight railroads.

Other requirements included in the mandates are that railroad operators must complete a vulnerability review to determine how susceptible they are to cyber-attacks. They must also create and implement a cybersecurity incident response plan.

The fresh security regulations were announced by senior officials at the US Department of Homeland Security (DHS) on Thursday and will come into force on the last day of this month. 

“Cybersecurity incidents affecting transportation are a growing, evolving and persistent threat,” Victoria Newhouse, TSA’s deputy assistant administrator, told the House Transportation Committee on Thursday. 

“Across US critical infrastructure, cyber threat actors have demonstrated their willingness and ability to conduct malicious cyber activities targeting critical infrastructure by exploiting the vulnerability of operational technology and information technology systems.”

Read More: