US to tell critical rail, air companies to report hacks, name cyber chiefs
The TSA will introduce regulations that compel the most important US railroad and airport operators to improve their cybersecurity procedures, Homeland Security Secretary Alejandro Mayorkas said on Wednesday. The upcoming changes will make it mandatory for “higher-risk” rail transit companies and “critical” US airport and aircraft operators to do three things: name a chief cyber official, disclose hacks to the government and draft recovery plans for if an attack were to occur. The planned regulations come after cybercriminals attacked a major U.S. pipeline operator here, causing localized gas shortages along the US East Coast in May. The incident led to new cybersecurity rules for pipeline owners in July. “Whether by air, land, or sea, our transportation systems are of utmost strategic importance to our national and economic security,” Mayorkas said. “The last year and a half has powerfully demonstrated what’s at stake.” A key concern motivating the new policies comes from a growth in ransomware attacks against critical infrastructure companies. “It’s the first of its kind with respect to the cyber focus,” said a senior homeland security official, who declined to be named, about the railway security directive and an update to aviation security programs.<br/>
https://portal.staralliance.com/cms/news/hot-topics/2021-10-07/general/us-to-tell-critical-rail-air-companies-to-report-hacks-name-cyber-chiefs
https://portal.staralliance.com/cms/logo.png
US to tell critical rail, air companies to report hacks, name cyber chiefs
The TSA will introduce regulations that compel the most important US railroad and airport operators to improve their cybersecurity procedures, Homeland Security Secretary Alejandro Mayorkas said on Wednesday. The upcoming changes will make it mandatory for “higher-risk” rail transit companies and “critical” US airport and aircraft operators to do three things: name a chief cyber official, disclose hacks to the government and draft recovery plans for if an attack were to occur. The planned regulations come after cybercriminals attacked a major U.S. pipeline operator here, causing localized gas shortages along the US East Coast in May. The incident led to new cybersecurity rules for pipeline owners in July. “Whether by air, land, or sea, our transportation systems are of utmost strategic importance to our national and economic security,” Mayorkas said. “The last year and a half has powerfully demonstrated what’s at stake.” A key concern motivating the new policies comes from a growth in ransomware attacks against critical infrastructure companies. “It’s the first of its kind with respect to the cyber focus,” said a senior homeland security official, who declined to be named, about the railway security directive and an update to aviation security programs.<br/>
