Homeland Security Secretary Alejandro Mayorkas said that the Transportation Security Administration (TSA) will impose a new “security directive” for railroad and aviation industries in an effort to strengthen cybersecurity strategies, CNN reported Wednesday.
The cybersecurity regulations slated to be released by the end of the year will require critical transport and higher-risk railroad companies to disclose cyber incidents to the government, identify cyber officials and prepare contingency plans for cyberattacks.
"Reducing cybersecurity risk is in every organization's self-interest, especially considering the indiscriminate nature of ransomware," Mayorkas, a 2021 Wash100 Award recipient, said in a cybersecurity summit.
Railroad industry members, however, noted that they only had three business days to look at, evaluate and give feedback on the draft of the new security directive. A spokesperson for the Association of American Railroads said they are hoping that the “substantive comments” will be considered in the deliberations.
Earlier in May, the TSA ordered owners of critical pipeline companies to submit breach incident reports to the Cybersecurity and Infrastructure Security Agency following the May 7 Colonial Pipeline hack.
