The U.S. Transportation Security Administration this week released a cybersecurity security directive for designated passenger and freight railroads.
In a news release, TSA said the directive seeks to strengthen cybersecurity requirements and focuses on performance-based measures to improve security.
The regulation was developed in consultation with the U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency and the Federal Railroad Administration.
The directive requires that TSA-specified passenger and freight railroad carriers take action to prevent disruption and degradation of their infrastructure. This includes:
• Developing network segmentation policies and controls to ensure that the operational technology system can continue to safely operate in the event that an information technology system has been compromised;
• Creating access control measures to secure and prevent unauthorized access to critical cyber systems;
• Building continuous monitoring and detection policies and procedures to detect cybersecurity threats and correct anomalies that affect critical cyber system operations; and
• Reducing the risk of exploitation of unpatched systems through the application of security patches and updates for operating systems, applications, drivers and firmware on critical cyber systems in a timely manner using a risk-based methodology.
Passenger and freight railroad carriers will be directed to establish and execute a TSA-approved Cybersecurity Implementation Plan that describes the specific cybersecurity measures the passenger- and freight-rail carriers are utilizing to achieve the security outcomes set forth in the security directive.
They also must establish a Cybersecurity Assessment Program to proactively test and regularly audit the effectiveness of cybersecurity measures and identify and resolve vulnerabilities within devices, networks and systems.
Tags: cybersecurity, U.S. Transportation Security Administration
akronrrclub.wordpress.com 
Leave a Reply