The Transportation Security Administration (TSA) announced a new cybersecurity security directive regulating designated passenger and freight railroad carriers, an extension to the recently announced funding to strengthen port infrastructure and the overall supply chain sector.
“The nation’s railroads have a long track record of forward-looking efforts to secure their network against cyber threats and have worked hard over the past year to build additional resilience, and this directive, which is focused on performance-based measures, will further these efforts to protect critical transportation infrastructure from attack,” says TSA administrator David Pekoske. “We are encouraged by the significant collaboration between TSA, FRA, CISA and the railroad industry in the development of this security directive.
- The security directive requires that TSA-specified passenger and freight railroad carriers take action to prevent disruption and degradation to their infrastructure to develop network segmentation policies and controls, create access control measures to secure and prevent unauthorized access, building continuous monitoring and detection policies and procedures and reduce the risk of exploitation of unpatched systems.
- Through this security directive, TSA continues to take steps to protect transportation infrastructure in the current threat environment. TSA also intends to begin a rulemaking process, which would establish regulatory requirements for the rail sector following a public comment period.