- 5 easy ways to transfer photos from your Android device to your Windows PC
- How to get Google's new Pixel 9a for free
- Just installed iOS 18.4? Changing these 3 features made my iPhone much better to use
- 7 strategic insights business and IT leaders need for AI transformation in 2025
- The most underrated robot vacuum I've ever tested is now 60% off
US Issues Cybersecurity Directive for Airlines and Railroads
Nearly all railroads and airlines in the United States have been ordered to report cybersecurity breaches to the federal government.
Under the new Transportation Security Administration–issued mandate, rail operators, airport operators and airline operators will be required to report cybersecurity incidents to the Cybersecurity and Infrastructure Security Agency within 24 hours of detection.
All three types of operators will also have to designate a cybersecurity coordinator. The mandate applies to both passenger and freight railroads.
Other requirements included in the mandates are that railroad operators must complete a vulnerability review to determine how susceptible they are to cyber-attacks. They must also create and implement a cybersecurity incident response plan.
The fresh security regulations were announced by senior officials at the US Department of Homeland Security (DHS) on Thursday and will come into force on the last day of this month.
“Cybersecurity incidents affecting transportation are a growing, evolving and persistent threat,” Victoria Newhouse, TSA’s deputy assistant administrator, told the House Transportation Committee on Thursday.
“Across US critical infrastructure, cyber threat actors have demonstrated their willingness and ability to conduct malicious cyber activities targeting critical infrastructure by exploiting the vulnerability of operational technology and information technology systems.”
Several cyber-attacks targeting the rail sector have been reported over the past twelve months. They include a ransomware strike on Toronto’s transit agency, a breach of New York’s Metropolitan Transportation Authority’s computer systems and an attack on the Transportation Authority in Ann Arbor, Michigan.
The new rules echo similar mandates directed at improving the security of America’s pipelines, which the Biden administration issued in the wake of the cyber-attack on Colonial Pipeline.
“These new cybersecurity requirements and recommendations will help keep the traveling public safe and protect our critical infrastructure from evolving threats,” Department of Homeland Security Secretary Alejandro Mayorkas said.
“DHS will continue working with our partners across every level of government and in the private sector to increase the resilience of our critical infrastructure nationwide.”
The Wall Street Journal reports that the new mandates will affect roughly 90% of passenger rail systems in the US and 80% of freight railways.
