Support Centre

You have out of 5 free articles left for the month

Signup for a trial to access unlimited content.

Start Trial

Continue reading on DataGuidance with:

Free Member

Limited Articles

Create an account to continue accessing select articles, resources, and guidance notes.

Free Trial

Unlimited Access

Start your free trial to access unlimited articles, resources, guidance notes, and workspaces.

USA: DHS releases two security directives on cybersecurity in the transportation sector

The Department of Homeland Security's ('DHS') Transportation Security Administration ('TSA') announced, on 2 December 2021, two new security directives ('SD'), entitled Enhancing Rail Cybersecurity - SD 1580-21-01 and Enhancing Public Transportation and Passenger Railroad Cybersecurity - SD 1582-21-01. In addition, the TSA also released additional guidance for voluntary measures to strengthen cybersecurity across the transportation sector, the Enhancing Surface Transportation Cybersecurity - IC 2021-01, which were all issued in response to the ongoing cybersecurity threat to surface transportation systems and associated infrastructure.

In particular, the SDs require owners and operators of the transportation sector to:

  • designate a cybersecurity coordinator;
  • report cybersecurity incidents to the Cybersecurity and Infrastructure Security Agency within 24 hours;
  • develop and implement a cybersecurity incident response plan to reduce the risk of an operational disruption; and
  • complete a cybersecurity vulnerability assessment to identify potential gaps or vulnerabilities in their systems.

You can read the press release here, the Enhancing Rail Cybersecurity SD 1580-21-01 here, the Enhancing Public Transportation and Passenger Railroad Cybersecurity SD 1582-21-01 here, and the Enhancing Surface Transportation Cybersecurity IC 2021-01 here