U.S. rail and air operators will be required to report cybersecurity incidents under new Transportation Security Administration rules, Homeland Security Secretary Alejandro Mayorkas said on Wednesday.
TSA will issue directives later this year that will apply to “higher-risk railroad entities,” passenger and all-cargo airlines, and airport operators. The directives will require the appointment of cybersecurity coordinators, while rail entities will need to have contingency and recovery plans as well.
Mayorkas announced the new measures at the virtual Billington Cybersecurity Summit as ransomware attacks continue to proliferate across multiple industries.
“Ransomware attacks disrupted already-strained hospitals, schools, food suppliers and pipelines in addition to many other organizations that provide critical services,” he said. “These attacks revealed that what is at stake is not simply the way we communicate or the way we work, but the way we live.”
CSX and short-line operator OmniTrax were targeted in attacks by ransomware gangs earlier this year, though they did not cause any significant operational impact.
“Our freight rail system is essential not only to our economic well-being but also to the ability of our military to move equipment from ‘fort to port’ when needed,” Mayorkas said.
Under the TSA directives, cybersecurity incidents will have to be reported to the Cybersecurity and Infrastructure Security Agency (CISA).
Mayorkas said the TSA will take additional steps including the development of a “longer-term regime to strengthen cybersecurity and resilience in the transportation sector.”
The reporting requirements come amid a broader push for more transparency from companies targeted in ransomware attacks.
The Ransomware Disclosure Act, sponsored by U.S. Sen. Elizabeth Warren, D-Massachusetts, and U.S. Rep. Deborah Ross, D-North Carolina, would require victims to report ransomware payments within 48 hours of making them.
- Ransomware attack on Forward Air may have exposed sensitive employee data
- Claims of ransomware attacks on factoring firm eCapital shrouded in mystery
- Did hackers pull off a maritime ‘Colonial Pipeline 2.0’?