TSA directives mandate railroad cybersecurity measures


The Transportation Security Administration (TSA) issued two security directives on Dec. 2 that mandate cybersecurity actions by passenger railroads, rail transit agencies and freight railroads, reports the Association of American Railroads.

Specifically, the directives mandate four categories of actions:

  • The appointment of primary and alternate cybersecurity coordinators with TSA
  • Reporting of cybersecurity incidents to the Department of Homeland Security‚Äôs (DHS) Cybersecurity and Infrastructure Security Agency (CISA)
  • Completion of a cybersecurity self-assessment
  • Development and implementation of a Cyber Incident Response Plan

Every Class I railroad and Amtrak, as well as many commuter and short line carriers, have chief information security officers and cybersecurity leads who will serve as the required cybersecurity coordinators. Read the entire press release.