Report: Rail Cybersecurity Regs on the Way

Cybersecurity improvements at “the most important” U.S. railroad, rail transit, airport and aircraft operators will be required later this year by the Transportation Security Administration (TSA), according to a Reuters report.

TSA regulations will “make it mandatory” for the groups to “name a chief cyber official, disclose hacks to the government and draft recovery plans for if an attack were to occur,” Reuters reported.

Homeland Security Secretary Alejandro Mayorkas on Oct. 6 announced the move, which follows the May 7, 2021 ransomware cyberattack on the Colonial Pipeline system, leading to new cybersecurity rules for pipeline owners; reports in June 2021 of computer system hacking at New York Metropolitan Transportation Authority; and an August 2020 ransomware attack on the Southeastern Pennsylvania Transportation Authority, according to Reuters.

Quoting a senior homeland security official who did not want to be named, the rail and aviation requirements action is “the first of its kind with respect to the cyber focus,” Reuters reported. TSA in September “notified the private sector about the impending regulations, said the senior official, and the agency is currently receiving feedback.”