TSA to issue cybersecurity directives to secure rail, aviation sectors

The Transportation Security Administration (TSA) will soon issue regulations to further secure rail transit and airline companies against cyber threats, Homeland Security Secretary Alejandro Mayorkas announced Wednesday.

“To strengthen the cybersecurity of our railroads and rail transit, TSA will issue a new security directive this year that will cover higher-risk railroad and rail transit entities,” Mayorkas, whose agency includes TSA, said during a virtual address at the Billington Cybersecurity Summit.

According to Mayorkas, the directive will require these groups to “identify a cybersecurity point person” charged with reporting cybersecurity incidents to the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA), along with establishing “contingency and recovery plans” in the case of cyberattacks.

Aviation involved too: In addition, Mayorkas announced that TSA will also issue regulations to shore up cybersecurity in the aviation sector.

“TSA will require critical U.S. airport operators, passenger aircraft operators, and all cargo aircraft operators to designate a cybersecurity coordinator and report cyber incidents to CISA,” Mayorkas said. “TSA will expand the covered entities gradually to other relevant entities and consider additional measures over time.”

Rules already in place: The new rules come after TSA earlier this year issued two security directives to secure pipelines against cyberattacks following the devastating ransomware attack on Colonial Pipeline in May, which led to temporary fuel shortages in multiple states.