USA: DHS releases two security directives on cybersecurity in the transportation sector
The Department of Homeland Security's ('DHS') Transportation Security Administration ('TSA') announced, on 2 December 2021, two new security directives ('SD'), entitled Enhancing Rail Cybersecurity - SD 1580-21-01 and Enhancing Public Transportation and Passenger Railroad Cybersecurity - SD 1582-21-01. In addition, the TSA also released additional guidance for voluntary measures to strengthen cybersecurity across the transportation sector, the Enhancing Surface Transportation Cybersecurity - IC 2021-01, which were all issued in response to the ongoing cybersecurity threat to surface transportation systems and associated infrastructure.
In particular, the SDs require owners and operators of the transportation sector to:
- designate a cybersecurity coordinator;
- report cybersecurity incidents to the Cybersecurity and Infrastructure Security Agency within 24 hours;
- develop and implement a cybersecurity incident response plan to reduce the risk of an operational disruption; and
- complete a cybersecurity vulnerability assessment to identify potential gaps or vulnerabilities in their systems.
You can read the press release here, the Enhancing Rail Cybersecurity SD 1580-21-01 here, the Enhancing Public Transportation and Passenger Railroad Cybersecurity SD 1582-21-01 here, and the Enhancing Surface Transportation Cybersecurity IC 2021-01 here.