October 6, 2021
(Reuters)-The Transportation Security Administration will introduce regulations that force the most important US rail and airport operators to improve cybersecurity procedures, Homeland Security Secretary Alejandro Mallorcas said Wednesday.
With future changes, “risk” railroad carriers and “significant” US airport and aircraft operators will nominate cyber chief officials, disclose hacks to the government, and draft recovery plans in the event of an attack. You are obliged to do three things. Can occur.
Planned regulations occur after cybercriminals attack major US pipeline operators https://www.reuters.com/business/colonial-pipeline-ceo-tells-senate-cyber- defenses-were-compromised-ahead-hack-2021-06-08, caused a local gas shortage along the east coast of the United States in May. The incident led to new cybersecurity rules for pipeline owners in July.
“Our transportation system, whether by air, land or sea, is of paramount importance to national and economic security,” says Mallorcus. “Last half last year was a strong indication that we were at stake.”
A key concern that motivates the new policy is the rise in ransomware attacks on critical infrastructure companies.
“This is the first time for cyberfocus,” said a senior Homeland Security official who wasn’t named about the railroad security directive and the update of the aviation security program.
“We are always vigilant against this global threat and ensure compliance with TSA regulations,” said Rafail Portnoy, Chief Technology Officer, Metropolitan Transportation Authority, New York City.
The trade group Airlines for America said the issue was important to them and said they were already working closely with TSA and other agencies on cybersecurity and “want to reduce potential duplicate reports.”
Ransomware, a type of malware that encrypts damaged systems until the owner pays the hacker a ransom in the form of cryptocurrency, has become more and more common in recent years.
“If transportation doesn’t work and people can’t go from A to B, it can create pressure pretty quickly (to pay the ransom),” said a senior official.
The announcement was made at https://www.nytimes.com/2021/06/02/nyregion/mta-cyber-attack.html in June with a Chinese hacking group that invaded the Metropolitan Transportation Authority in New York City. Following the report of the August 2020 ransomware attack. https://www.inquirer.com/transportation/septa-malware-attack-employees-riders-app-announcements-20200824.html Causes a service interruption for the Southeastern Pennsylvania Transportation Authority.
The Department of Homeland Security, along with other federal agencies, including the FBI, assisted in investigating the MTA case.
Last month, the TSA notified the private sector of imminent regulation, officials said, and the agency is currently receiving feedback.
The regulation will come into effect by the end of 2021.
(Report by Christopher Bing, additional report by David Shepherdson, edited by Diane Craft and Alistair Bell)
U.S. tells key railroads and airlines to report hacks and nominates cyber chief
Source link U.S. tells key railroads and airlines to report hacks and nominates cyber chief