The Transportation Security Administration (TSA) has taken action to bolster cybersecurity in the passenger and freight railroad sector by renewing critical directives that were set to expire. These directives, divided into three distinct rules, require operators to annually test elements of their cybersecurity incident response plans, provide updated cybersecurity assessment plans, and report on the effectiveness of their efforts.
Furthermore, the directives mandate the development of network segmentation policies, access control measures, threat detection policies, and timely patching processes for operating systems, applications, drivers, and firmware to enhance cyber resilience. TSA Administrator David Pekoske emphasized the importance of this renewal in safeguarding the nation’s railroad systems against evolving cyber threats, highlighting the collaborative efforts with the Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Railroad Administration.
The origins of these regulations can be traced back to October 2021, prompted by the Colonial Pipeline ransomware attack, which thrust cybersecurity into the federal government’s spotlight. The rules were first renewed last October alongside additional measures, and the latest renewal, issued on Monday, extends the regulations for another year.
Additionally, in response to criticism from experts and stakeholders who found the initial regulations too prescriptive, TSA officials revised the rules in 2022, shifting the focus to performance-based criteria, offering critical infrastructure organizations various methods to protect against operational disruptions and degradation.
The rail industry has experienced a series of cyberattacks in recent years, including ransomware attacks, data breaches, and hacking incidents. These incidents have raised alarms about potential vulnerabilities in critical systems and the potential for backdoors left by cybercriminals.
Given the ongoing threats posed by nations like Russia and China, TSA and CISA officials have cautioned against potential destructive or disruptive cyberattacks on American pipelines, railroads, and other critical infrastructure, particularly in the context of a potential invasion of Taiwan. The renewal of these directives underscores the significance of safeguarding the rail industry and critical infrastructure in an increasingly digitized and interconnected world.