The Transportation Security Administration (TSA) has proposed new cybersecurity rules aimed at enhancing protections for the nation's critical transportation infrastructure. This proposed rule formalizes directives previously issued to pipeline and railroad operators following the 2021 Colonial Pipeline ransomware attack, which caused significant disruptions along the East Coast. These regulations mandate that certain transportation operators report cyber incidents and establish comprehensive cyber risk management (CRM) plans to protect against and respond to cyber threats.
Key Provisions of the Proposed Rule:
- Mandatory Cyber Incident Reporting: The new rule requires transportation operators to report cyber incidents to the Cybersecurity and Infrastructure Security Agency (CISA).
- Comprehensive Cyber Risk Management Plans: Affected organizations must implement and maintain comprehensive cyber risk management (CRM) strategies to defend against and respond to evolving threats.
- Annual Cybersecurity Evaluations: Operators must conduct yearly cybersecurity assessments to identify vulnerabilities and ensure that their networks are resilient to cyberattacks.
- Incident Response Plans: Operators are also required to maintain robust, well-defined plans for responding to cybersecurity incidents.
The TSA estimates that these new regulations could impact around 300 transportation operators, costing the industry over $2.1 billion over the next decade.
Collaboration with Industry Stakeholders
In developing these rules, the TSA worked closely with industry stakeholders to ensure flexibility in the regulations. The aim is to empower operators to tailor cybersecurity measures to their specific needs while enhancing overall resilience against cyber threats.
The Threat Landscape
The TSA highlighted the increasing threat posed by nation-state actors, such as Russia and China, along with criminal groups targeting U.S. transportation systems. The use of advanced technologies, such as artificial intelligence in cyberattacks, has further escalated risks, driving the need for more robust, proactive cybersecurity measures.
Conclusion
With a public comment period open until February 5, TSA is seeking further input from industry partners to refine the rule. The agency noted that threats from countries like Russia and China and the potential use of advanced technologies such as artificial intelligence in cyberattacks necessitate a permanent, proactive approach to securing the transportation sector. The TSA views these regulations as essential to reducing risks and strengthening the cybersecurity posture of the nation's surface transportation infrastructure.