(AGENPARL) – mer 19 ottobre 2022 PRESS RELEASE
FOR IMMEDIATE RELEASE October 18, 2022
TSA issues new cybersecurity requirements for passenger and freight railroad carriers
Requirements seek to enhance cybersecurity resilience by focusing on performance-based measures.
“The nation’s railroads have a long track record of forward-looking efforts to secure their network against cyber threats and have worked hard over the past year to build additional resilience, and this directive, which is focused on performance-based measures, will further these efforts to protect critical transportation infrastructure from attack,” said TSA Administrator David Pekoske. “We are encouraged by the significant collaboration between TSA, FRA, CISA and the railroad industry in the development of this security directive.”
The security directive requires that TSA-specified passenger and freight railroad carriers take action to prevent disruption and degradation to their infrastructure to achieve the following critical security outcomes:
– Develop network segmentation policies and controls to ensure that the Operational Technology system can continue to safely operate in the event that an Information Technology system has been compromised and vice versa;
– Create access control measures to secure and prevent unauthorized access to critical cyber systems;
– Build continuous monitoring and detection policies and procedures to detect cybersecurity threats and correct anomalies that affect critical cyber system operations; and
– Reduce the risk of exploitation of unpatched systems through the application of security patches and updates for operating systems, applications, drivers, and firmware on critical cyber systems in a timely manner using a risk-based methodology.
Passenger and freight railroad carriers are required to:
– Establish and execute a TSA-approved Cybersecurity Implementation Plan that describes the specific cybersecurity measures the passenger and freight rail carriers are utilizing to achieve the security outcomes set forth in the security directive.
– Establish a Cybersecurity Assessment Program to proactively test and regularly audit the effectiveness of cybersecurity measures and identify and resolve vulnerabilities within devices, networks, and systems.
Transportation Security Administration was created to strengthen the security of the nation’s transportation systems and ensure the freedom of movement for people and commerce. TSA uses a risk-based strategy and works closely with transportation, law enforcement and intelligence communities to set the standard for excellence in transportation security.
—————————————————————