New TSA directive aims to further improve rail network security

[ad_1]

The Transportation Security Administration (TSA) has issued a new directive aimed at improving the cybersecurity of US rail operations.

The new security directive is part of the White House’s efforts to strengthen cyber security for critical infrastructure. The requirements outlined in the directive are aimed at passenger and freight rail carriers designated by TSA.

The aim is to help operators further improve their cyber preparedness and resilience, and require them to take steps to prevent disruption and infrastructure degradation.

There are four main tasks that must be carried out by railway operators. This includes developing policies and controls for network segmentation to ensure operational technology (OT) systems are secure in the event an IT system is compromised.

Another task is to create access controls to prevent unauthorized access to critical systems. In addition, operators must ensure that these critical systems are covered by continuous monitoring and detection policies and procedures.

They must also ensure that operating systems, applications, drivers and firmware running on critical systems are always updated and patched.

Rail operators must establish and implement a cyber security implementation plan, and regularly review the effectiveness of their cyber security measures and address any issues identified.

ICS Cybersecurity Conference 2022

This security directive comes less than a year after the TSA issued new directives and recommendations aimed at strengthening the cyber defenses of US rail and airport operators.

“The nation’s railroads have extensive experience with forward-looking efforts to secure their network against cyber threats and have worked hard over the past year to build additional resilience, and this directive, which is focused on performance-based measures, will advance those efforts to protect critical transportation infrastructure from attack, TSA Administrator David Pekoske said.

Threat actors attacking railways are not uncommon, with recent targets including Belarus, Italy, the UK, Israel and Iran. While researchers have shown that modern train systems are vulnerable to hacker attacks, these recent attacks targeted websites, ticketing and other IT systems, rather than control systems.

Related: Updated TSA Pipeline Cybersecurity Requirements Add More Flexibility

Related: Rail system cybersecurity firm Cylus raises $12 million

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard has a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Previous columns by Eduard Kovacs: