The Transportation Security Administration (TSA) recently announced that it will soon implement new cybersecurity requirements on the railroad and airline industries. To many, this comes as no surprise, as critical infrastructure has been subject to a slew of high-profile cybersecurity attacks this past year. The new directives will all but waive existing voluntary cybersecurity measures for these industries in favor of a mandatory cybersecurity baseline. These new guidelines will be implemented by the end of the year, and fines will be imposed on noncompliant contractors and entities.
The Railroad Industry: Now, TSA will require higher-risk railroads to report cyber incidents to a federal agency. Creating cybersecurity point persons and contingency and recovery plans are also part of the forthcoming security directive.
The Airline Industry: As for the airline industry, the TSA will require designated cybersecurity coordinators and reports on cyber incidents to the Cybersecurity and Infrastructure Agency. Entities ordered to follow these new guidelines include critical US airport operators, passenger aircraft operators, and all-cargo aircraft operators.
Though many are familiar with the Colonial Pipeline hack that disrupted access to gas and created a hike in prices, different incidents’ have been of particular concern to policy makers. The Southeastern Pennsylvania Transportation Authority, Cape Cod’s ferry services, and New York City’s Metropolitan Transportation Authority have all been hit with similar malware in the past 2 years, demonstrating the importance of securing the nation’s critical transportation services. If you’re concerned about malware hitting your business, reach out to us at firstname.lastname@example.org or call us at (703) 790-0400.