[BreachExchange] TSA set to mandate railroads and rail systems report cyber incidents to government

Terrell Byrd terrell.byrd at riskbasedsecurity.com
Fri Oct 8 09:49:38 EDT 2021


https://abc7chicago.com/tsa-set-to-mandate-railroads-and-rail-systems-report-cyber-incident/11095220/

The Transportation Security Administration will issue a new directive for
railroad and rail transit system operators to implement more stringent
cybersecurity measures, Homeland Security Secretary Alejandro Mayorkas said
Wednesday.

The new directive will mandate those companies report incidents to the
Cybersecurity and Infrastructure Security Agency (CISA) and hire a
cybersecurity point person.

In addition to railways, the TSA is also requiring U.S. airport operators,
passenger aircraft operators and all cargo aircraft operators to designate
a cybersecurity coordinator and report all incidents to CISA, by next
spring, Mayorkas said at the Billington Cybersecurity Forum.

"TSA will expand the covered entities gradually to other relevant entities
that can consider additional measures," he said.

In the wake of the Colonial Pipeline hack in May, TSA directed pipeline
operators to report any cyber incidents to CISA. TSA is the agency
responsible for pipeline security.

The agency has just 34 staff positions, including headquarters personnel,
policy planners and field inspectors, to perform its pipeline and
cybersecurity mission, according to a TSA official. Of those, only eight
have attended any specialized cybersecurity training.

Both the secretary and the head of the Department's cybersecurity division
also tackled the scourge of ransomware that has been a growing problem in
the U.S. and across the world.

"It really is an epidemic," Cybersecurity and Infrastructure Security
Agency Director Jenn Easterly said at the Mandiant cyber conference on
Wednesday. "Some of this is because we all went to work from home in a less
secure environment. And some of it is these actors have become much more
capable over the past couple of years, empowered by the democratization of
these tools and the weaponization of all the data that's out there."

Easterly said it is an "international effort" to combat ransomware attacks
across the world.

"If a highly dedicated, sophisticated state actor wants to own you they
will, but there are things that people can do to keep themselves safe," she
explained.

The CISA director said over 90% of successful cyber attacks occur because
of a phishing email and urged companies to prepare for a disruption.

The announcement comes as the Department of Justice said Wednesday it will
seek to use civil enforcement tools to extract "hefty fines" from companies
and contractors that receive federal funds and fail to follow required
cybersecurity standards.

"When those who are entrusted with government dollars who are trusted to
work on sensitive government systems fail to follow required cybersecurity
standards, we're going to go after that behavior and extract very hefty --
very hefty fines," Deputy Attorney General Lisa Monaco said Wednesday in an
appearance at the Aspen Cyber Summit.

Monaco said DOJ's new 'Civil Cyber Fraud Initiative' is in part a response
to companies that receive government dollars but decline to report breaches
to the FBI or CISA when they are victims of cyberattacks.