Securing transportation against hackers

Lawmakers are split on the next steps that should be taken to secure key transportation avenues like air and rail against cyber threats.

Alarms about the risks to transportation have grown louder since the Colonial Pipeline hack, but lawmakers disagree over whether directives from the Transportation Security Administration (TSA) go too far or not far enough.

Lawmakers are focused on threats to pipelines, rail transit and aviation.

Background: After the Colonial hike caused crippling gas shortages in multiple states in May, the TSA issued two directives to secure pipelines.

Homeland Security Secretary Alejandro Mayorkas announced earlier this month that the TSA would soon issue security directives for rail and aviation, which will require higher-risk transit entities to report cybersecurity incidents to the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, among other measures.

Multiple transportation-related organizations have been the victims of cyberattacks in recent years. The New York Times reported that computer systems for New York’s Metropolitan Transportation Authority were hacked by Chinese-linked hackers in April, while the Port of Houston was hit by a cyberattack this past summer.

Process concerns: But while most officials agree on the need to prioritize cybersecurity after a year that has seen a concerning rise in ransomware and other cyberattacks against critical infrastructure, the speed and process around the directives being put out is worrying to some.