WASHINGTON, D.C. (WWLP)– The Transportation Security Administration (TSA) has updated three cybersecurity directives (SD) for passenger and freight railroad carriers.
The directives provide for enhanced cybersecurity defense for the country’s railroad operations including transportation systems and infrastructure protections.
The revised security directives require covered owners and operators to test a minimum of two objectives in their Cybersecurity Incident Response Plan every year. They also require including employees who have been identified by their positions as active participants in these exercises.
“The renewal is the right thing to do to keep the nation’s railroad systems secure against cyber threats, and these updates sustain the strong cybersecurity measures already in place for the railroad industry,” said TSA Administrator David Pekoske. “TSA’s partnerships with CISA, FRA and the railroad industry have been, and will continue to be, instrumental in our work towards strengthening resilience and preventing harm.”
The plans were created with input from multiple agencies including the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) and the Department of Transportation’s Federal Railroad Administration (FRA), as well as the railroad industry.
The revised directives were set to expire on October 24, 2023, and have been renewed for one year. Learn more about the TSA’s security directives and guidance documents using the TSA Cybersecurity Toolkit.
