WASHINGTON — Major railroads and rail transit operators, along with airports and airlines, will be required to improve cybersecurity under a new directive from the Transportation Security Administration.
Reuters reports that Homeland Security Secretary Alejandro Mayorkas said Wednesday that the companies and agencies will be required to name a chief cyber official, disclose hacks to the government, and draft recovery plans for a potential cyberattack.
The move follows a breach of the computer systems of New York’s Metropolitan Transportation Authority in June [see “Digest: Amtrak Capitol Corridor service to increase …,” Trains News Wire, June 3, 2021] as well as a 2020 ransomware attack on the Southeastern Pennsylvania Transportation Authority. It also comes after an attack on an oil pipeline earlier this year that triggered gas shortages in the eastern U.S., leading to new rules for pipeline owners.
The directive will be effective later this year.
A spokeswoman for the Association of American Railroads told Bloomberg that the rail industry had been given just three days to review and comment on the draft version of the directive, and that it would require railroads to take actions “that have long been in place.
“AAR hopes the substantive comments provided will be thoroughly considered in the decision on whether to proceed with the directive and to ensure any actions taken enhance, not hinder, coordinated cybersecurity efforts,” spokeswoman Jessica Kahanek said in a statement.
Share this article
