The US Transportation Security Administration (TSA) have announced a new cyber-security directive regulating designated passenger and freight railroad carriers. The announcement demonstrates the Biden Administration’s commitment to strengthen the cyber-security of US critical infrastructure. Building on the TSA’s work to strengthen defenses in other transportation modes, this security directive will further enhance cyber-security preparedness and resilience for the nation’s railroad operations.[1]
Developed with extensive input from industry stakeholders and federal partners, including the US Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) and the Department of Transportation’s Federal Railroad Administration (FRA), this Enhancing Rail Cybersecurity – SD 1580/82-2022-01[2] strengthens cyber-security requirements and focuses on performance-based measures to achieve critical cyber-security outcomes.
“The nation’s railroads have a long track record of forward-looking efforts to secure their network against cyber threats and have worked hard over the past year to build additional resilience, and this directive, which is focused on performance-based measures, will further these efforts to protect critical transportation infrastructure from attack,” an administrator for TSA, said. “We are encouraged by the significant collaboration between TSA, FRA, CISA and the railroad industry in the development of this security directive.
The security directive requires that TSA-specified passenger and freight railroad carriers take action to prevent disruption and degradation to their infrastructure to achieve the following critical security outcomes:
- Develop network segmentation policies and controls to ensure that the Operational Technology system can continue to safely operate if an Information Technology system has been compromised and vice versa.
- Create access control measures to secure and prevent unauthorized access to critical cyber systems.
- Build continuous monitoring and detection policies and procedures to detect cyber-security threats and correct anomalies that affect critical cyber system operations.
- Reduce the risk of exploitation of unpatched systems through the application of security patches and updates for operating systems, applications, drivers, and firmware on critical cyber systems in a timely manner using a risk-based methodology.
Passenger and freight railroad carriers are required to:
- Establish and execute a TSA-approved Cybersecurity Implementation Plan that describes the specific cyber-security measures the passenger and freight rail carriers are utilizing to achieve the security outcomes set forth in the security directive
- Establish a Cybersecurity Assessment Program to proactively test and regularly audit the effectiveness of cyber-security measures and identify and resolve vulnerabilities within devices, networks, and systems.
This is the latest in TSA’s performance-based security directives; previous security directives include requirements such as reporting significant cyber-security incidents to CISA, establishing a cyber-security point of contact, developing, and adopting a cyber-security incident response plan, and completing a cyber-security vulnerability assessment. Through this security directive, US TSA continues to take steps to protect transportation infrastructure in the current threat environment. TSA also intends to begin a rulemaking process, which would establish regulatory requirements for the rail sector following a public comment period.[3]
Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization. For questions, comments or assistance, please contact the office directly at 1-844-492-7225, or feedback@wapacklabs.com
Weekly Cyber Intelligence Briefings:
- Reporting: https://www. redskyalliance. org/
- Website: https://www. wapacklabs. com/
- LinkedIn: https://www. linkedin. com/company/64265941
Weekly Cyber Intelligence Briefings:
REDSHORTS - Weekly Cyber Intelligence Briefings
https://attendee.gotowebinar.com/register/5504229295967742989
[1] https://www.globalrailwayreview.com/news/138501/new-cyber-security-directives-issued-to-u-s-railroad-carriers/
[2] https://www.tsa.gov/sites/default/files/sd-1580-82-2022-01.pdf
[3] https://www.law360.com/cybersecurity-privacy/articles/1541198/white-house-issues-new-cybersecurity-rules-for-railroads/
Comments