comscore TSA requires U.S. rail and airports to strengthen cybersecurity | Honolulu Star-Advertiser
News

TSA requires U.S. rail and airports to strengthen cybersecurity

  • ASSOCIATED PRESS / 2020
                                TSA officers wear protective masks at a security screening area at Seattle-Tacoma International Airport Monday, in SeaTac, Wash.

    ASSOCIATED PRESS / 2020

    TSA officers wear protective masks at a security screening area at Seattle-Tacoma International Airport Monday, in SeaTac, Wash.

RICHMOND, Va. >> The Transportation Security Administration is issuing new directives and recommendations aimed at strengthening the cybersecurity defenses of U.S. rail and airport operators.

The Biden administration said the requirements made public Thursday are part of a broader effort at protecting the nation’s critical infrastructure from ongoing cyberespionage and a surge in disruptive ransomware attacks.

“These new cybersecurity requirements and recommendations will help keep the traveling public safe,” Homeland Security Secretary Alejandro Mayorkas said in a statement. He had previously previewed the new regulations in October.

The new TSA directives require most passenger and freight rail operators to identify a cybersecurity point person, report incidents within 24 hours to the Cybersecurity and Infrastructure Security Agency, conduct a vulnerability assessment and develop a contingency and recovery plan in case of malicious cyber activity. They go into effect at the end of the year and the TSA said it is making similar changes to requirements for airport operators.

The TSA said it is recommending but not mandating cybersecurity requirements to some smaller and lower-risk rail and airport operators.

The new regulations are similar to ones issued in May for pipeline operators following the Colonial Pipeline ransomware attack that disrupted gas supplies in several states.

Republican lawmakers have expressed concern that the TSA has crafted new cybersecurity directives without enough transparency and input from affected industries.

“We believe that care must be taken to avoid unnecessarily burdensome requirements that shift resources away from responding to cyberattacks to regulatory compliance,” a group of Republican senators said in an October letter to DHS’ Office of Inspector General asking for a review of TSA’s process for developing new cybersecurity regulations.

Victoria Newhouse, a TSA deputy assistant administrator, said at a congressional hearing Thursday that the agency had worked closely with private industry officials in crafting the regulations. She said that included a classified briefing with freight and passenger rail executives earlier this week to share intelligence reports about cyber threats to their industry and to solicit input on regulations.

The Biden administration has been pushing aggressively for greater private sector reporting of cyber incidents to the federal government. The Justice Department recently indicated it would sue government contractors and other companies who receive U.S. government grants if they fail to report breaches of their computer systems or misrepresent their cybersecurity practices.

Comments (0)

By participating in online discussions you acknowledge that you have agreed to the Terms of Service. An insightful discussion of ideas and viewpoints is encouraged, but comments must be civil and in good taste, with no personal attacks. If your comments are inappropriate, you may be banned from posting. Report comments if you believe they do not follow our guidelines.

Having trouble with comments? Learn more here.

Click here to see our full coverage of the coronavirus outbreak. Submit your coronavirus news tip.

Be the first to know
Get web push notifications from Star-Advertiser when the next breaking story happens — it's FREE! You just need a supported web browser.
Subscribe for this feature

Scroll Up