The U.S. Transportation Security Administration (TSA) recently issued new cybersecurity regulations for passenger and freight railroad carriers to enhance cybersecurity resilience with performance-based measures. This security directive includes a new requirement for railroad carriers to build continuous monitoring policies and procedures. This is the latest of several recent initiatives on the U.S. state and federal levels requiring continuous monitoring of cyber risk.
What Does the New Security Directive Say?
Effective on Oct. 24, and for one year, the security directive, titled “Enhancing Rail Cybersecurity – SD 1580/82-2022-01,” requires passenger and freight railroad carriers to:
Develop network segmentation policies and controls to ensure that the Operational Technology system can continue to operate safely if an Information Technology system has been compromised and vice versa;
Create access control measures to secure and prevent unauthorized access to critical cyber systems;
Build continuous monitoring and detection policies and procedures to detect cybersecurity threats and correct anomalies that affect critical cyber system operations; and
Reduce the risk of exploitation of unpatched systems by promptly installing security patches and updates for operating systems, applications, drivers, and firmware on critical cyber systems using a risk-based methodology.
The TSA security directive included a 14-page document covering rail cybersecurity mitigation actions and testing. These actions signify a need for real-time threat and vulnerability detection and compliance monitoring across this sector.
Why Now?
The growing sophistication of malicious cyber actors, transnational criminal organizations, and nation-state actors intensifies the urgency of implementing the requirements of the security directive.
The evolving cyber threat environment must not be underestimated. The recent National Security Strategy stated, “We are securing our critical infrastructure, advancing foundational cybersecurity for critical sectors from pipelines to water, and working with the private sector to improve security defenses in technology products. We are securing our supply chains, including through new forms of public-private collaboration, and using public procurement in critical markets to stimulate demand for innovation.”
TSA’s new security directives intend to reduce the risk of cybersecurity threats to critical railroad operations and facilities by implementing layered cybersecurity measures that provide defense-in-depth – an approach promoted by the Biden-Harris Administration since their May 2021 Executive Order on Improving the Nation’s Cybersecurity (EO 14028).
Through the security directive, TSA continues to take steps to strengthen the cybersecurity risk posture of transportation infrastructure in the current threat environment, and to shift the rail sector toward foundational practices for real-time cyber risk management. This deepens TSA’s commitment to performance-based cybersecurity risk reduction, which now includes continuous monitoring.
How can SecurityScorecard help?
Free continuous cyber risk monitoring – Continuously monitor your network and map it to current public and private sector security mandates to detect potential compliance gaps. Invite third-party vendors to collaborate around key security and compliance issues with outreach emails.
ISAC Partner Program – Join a transportation sector Information Sharing and Analysis Center (ISAC). SecurityScorecard has strong partnerships with the ISACs of several transportation modes, including the Oil and Natural Gas ISAC, the Public Transportation ISAC, and the Maritime Transportation Security ISAC. These partnerships enable real-time continuous monitoring and information sharing.