[TheRecord] TSA to issue new cyber regulations for rail, aviation sectors

The Transportation Safety Administration will issue cybersecurity regulations later this year for “higher-risk’’ railroad and rail transit systems and the aviation sector, Homeland Security Secretary Alejandro Mayorkas announced on Wednesday.

The forthcoming rules from the Homeland Security Department component mark the Biden administration’s latest steps to boost the cyber defenses of critical infrastructure operators against hacks after the high-profile ransomware attack on the Colonial Pipeline. 

TSA issued two security directives to secure pipelines against breaches following the incident, which sparked temporary fuel shortages along the eastern seaboard. President Joe Biden also signed a far-reaching executive order designed to improve federal cybersecurity and congressional lawmakers are pushing new incident reporting legislation.

“Reducing cybersecurity risk is in every organization’s self-interest, especially considering the indiscriminate nature of ransomware,” DHS Secretary Alejandro Mayorkas said during a virtual appearance at the Billington CyberSecurity Summit. Reuters first reported the new regulations.

The directive will require railroad operators and rail transit companies to “identify a cybersecurity point person” charged with reporting incidents to the Cybersecurity and Infrastructure Security Agency. Entities will also have to create “contingency and recovery plans” in the event of cyberattacks.

For “lower-risk surface entities” TSA will “issue separate guidance that encourages, rather than requires, these entities to take the same measures,” according to Mayorkas.

In terms of the aviation sector, TSA will mandate “critical U.S. airport operators, passenger aircraft operators, and all cargo aircraft operators” to designate a cybersecurity coordinator and report cyber incidents to CISA,” he said, adding the aviation regulations would come out around the time DHS wraps a surface transportation cybersecurity sprint it launched last month.

TSA will expand the pool of covered entities “gradually” and “consider additional measures over time,” the DHS chief said.

The post TSA to issue new cyber regulations for rail, aviation sectors appeared first on The Record by Recorded Future.

Source: Read More (The Record by Recorded Future)

You might be interested in …

[ThreatPost] Takeaways from the Colonial Pipeline Ransomware Attack

All posts, ThreatPost

Hank Schless, senior manager of security solutions at Lookout, notes basic steps that organizations can take to protect themselves as ransomware gangs get smarter. Source: Read More (Threatpost)

Read More

[ZDNet] Antivirus software, explained

All posts, ZDNet

Antivirus software isn’t enough to protect our devices and accounts any longer, but it still provides a key layer of defense. Source: Read More (Latest topics for ZDNet in Security)

Read More

[ZDNet] Why you need to update your iPhone and iPad now

All posts, ZDNet

Don’t leave it until the weekend. Source: Read More (Latest topics for ZDNet in Security)

Read More

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.