Earlier this year, a ransomware attack on the Colonial pipeline severely interrupted the country’s fuel distribution system. In response, regulations were implemented in May that strengthened the cybersecurity infrastructure of the pipeline system.
In light of this recent upsurge in data breaches and ransomware attacks that have victimized multinational corporations, institutions, and companies. The U.S. Transportation Security Administration (TSA) is now also protecting the nation’s passengers and the companies that convey them. The Biden administration recently issued a series of recommendations and directives designed to bolster the country’s digital underpinnings to protect it against attack.
Most notably, the updated regulations hold passenger and freight operators accountable by requiring them to become intentional about their cybersecurity. To accomplish this, each major provider must now appoint a specific person or team to assess cybersecurity. Should an incident occur, it must be reported within 24 hours to the Cybersecurity and Infrastructure Security Agency. Additionally, all companies are expected to assess their digital assets, practices, and procedures to identify and address vulnerabilities. Finally, each must create and implement a plan that addresses how the organization will recover from the breach and alternative contingency strategies to minimize service interruptions.
These rail carrier-related measures will take effect at the end of the year, with similar action plans soon required at large airports. The TSA still recommends making cybersecurity a priority for smaller rail and airport operators who do not fall under the mandates.
Not all lawmakers in Washington are in favor of this TSA initiative. Some Republican officials are concerned that the regulations were pushed through without sufficient transparency and feedback from industry stakeholders. Concern was also centered on a fear that financial assets and attention would be focused more on regulatory compliance than on addressing the cyber threats directly. The TSA answered these criticisms by maintaining that the regulations were only enacted after extensive consultation with industry executives and other officials.
