Watch Now


TSA directs freight railroads to bolster cybersecurity, report incidents

Directive addresses some industry concerns, AAR says

Freight rail operators will need to report cyber incidents within 24 hours starting Dec. 31. (Photo: Jim Allen/FreightWaves)

Freight railroads will be required to report cyber incidents within 24 hours as part of a new Transportation Security Administration directive issued Thursday aimed at strengthening cybersecurity in the sector.

The directive, which takes effect Dec. 31, also mandates that all freight rail operators designate a cybersecurity coordinator, develop an incident response plan and conduct a vulnerability assessment. TSA also issued similar directives for passenger rail and public transit operators.

“These new cybersecurity requirements and recommendations will help keep the traveling public safe and protect our critical infrastructure from evolving threats,” Homeland Security Alejandro Mayorkas, who previewed the measure in October, said in a statement. “DHS will continue working with our partners across every level of government and in the private sector to increase the resilience of our critical infrastructure nationwide.”

The Association of American Railroads said the final directive had addressed some of its most significant concerns. The association said the industry had already been taking cybersecurity security seriously.


“For the better part of two decades, railroads have thoughtfully coordinated with each other and government officials to enhance information security, which has proven to be an effective, responsive way of addressing evolving threats,” AAR President and CEO Ian Jefferies said in a statement. 

“Let there be no mistake — railroads take these threats seriously and value our productive work with government partners to keep the network safe.”

The new cybersecurity requirements come as ransomware attacks continue to target companies across the country, sometimes with devastating impacts on operations. 

While no U.S. freight railroad has experienced a catastrophic incident, CSX and short-line operator OmniTrax were targeted in ransomware attacks earlier this year.


Read more

Click for more FreightWaves articles by Nate Tabak

One Comment

  1. Louise CCzapla

    [ JOIN US ] I get paid more than $30 to $87 per hour for working online. I heard about this job 3 months ago and after joining this I have earned easily $10k from this without having online working skills . Simply give it a shot on the accompanying site…
    copy and open this site .…………>> http://Www.NETCASH1.Com

Comments are closed.

Nate Tabak

Nate Tabak is a Toronto-based journalist and producer who covers cybersecurity and cross-border trucking and logistics for FreightWaves. He spent seven years reporting stories in the Balkans and Eastern Europe as a reporter, producer and editor based in Kosovo. He previously worked at newspapers in the San Francisco Bay Area, including the San Jose Mercury News. He graduated from UC Berkeley, where he studied the history of American policing. Contact Nate at ntabak@freightwaves.com.