TSA Implements New Cyber Security Directive
News / TSA Implements New Cyber Security Directive
1 MIN READ
Cyber attacks against the transportation sector have proven to be a growing threat and the capability to cause catastrophic physical consequences through virtual means is just one of the many reasons that the United States is cracking down on cyber crime.
Since the damaging ransomware attack on the Colonial Pipeline in May earlier this year, authorities in the United States have been scrambling to implement measures to protect critical infrastructure from cyber attacks. As of an announcement that came from the Biden Administration on Thursday, all US airlines and railroads will have to report cyber breaches to the federal government.
Due to the new Transportation Security Administration (TSA) mandates, rail operators, as well as airline and airport operators, will be required to designate a cyber security coordinator and report cyber security incidents to the Cyber security and Infrastructure Security Agency (CISA) within 24 hours of a breach. They will also need to complete a vulnerability assessment and develop an incident response plan.
After the announcement of the directives, the Secretary of Homeland Security stated that the new cyber security requirements would help keep travelling safe for the public and protect critical infrastructure from advanced persistent and evolving threats. However, Republican lawmakers have expressed concern that the TSA has implemented new cyber security directives without enough transparency and input from other affected industries.
Following the ransomware attack on Colonial Pipeline in May, the TSA issued two new security directives regarding cyber security requirements on the pipeline industry and since the implementation of these directives pipeline operators have reported 591 cyber incidents, according to the Department of Homeland Security.
The Justice Department indicated that it would sue government contractors and other companies that receive U.S. government grants if they fail to report cyber breaches or misrepresent their cyber security practices.
How secure is
your business?
How secure is
your business?