The Transportation Security Administration will soon issue new rules designed to better prepare transit agencies and airlines for cyberattacks.
Under the new directive, railroads and railroad-related entities deemed “high-risk” will be required to appoint a person in charge of cyber security, Homeland Security Secretary Alejandro Meyercas says, according to the DHS’s cybersecurity report. Security and infrastructure security agency will have to do it. A contingency plan for what to do if a cyber attack occurs.
He said that low-risk railways and related institutions will be encouraged, but there is no need to take similar steps. Meyerkas made the remarks during a speech he delivered virtually on Wednesday at the Billington Cybersecurity Summit.
The additional regulations would boost cybersecurity in the aviation industry, Meyerkas said. “Serious” US airport and passenger aircraft operators, as well as all cargo aircraft operators, will also be required to establish cybersecurity coordinators and report cyberattacks to CISA.
“We need to be equipped today, not tomorrow,” Meyerkas said. “I cannot stress the urgency of the mission more.”
Transit systems, large and small, have been a recent target for cybercriminals. Last spring, a hacking group with possible ties to the Chinese government compromised computer systems Metropolitan Transportation Authority in New York.
Transit officials said at the time that hackers had not been able to gain access to the systems that control train cars and that rider safety was not at risk. But he later raised concerns that hackers could enter those systems or they could continue to exploit the agency’s computer systems through backdoors.
And in June, a ransomware attack shut down the company’s main booking system. Steamship Authority of Massachusetts, which runs ferries from Cape Cod to Martha’s Vineyard and Nantucket. The ships sailed safely, but passengers weren’t able to book online or change their reservations for more than a week, and credit card access was severely limited.