Since the ransomware attack that crippled the Colonial Pipeline earlier this year, US authorities have worked to take steps to help protect critical infrastructure in the US from cyberattacks.
Under the Transportation Security Administration’s new mandate, major rail operators will have to appoint a cybersecurity coordinator, report cybersecurity incidents to the Cybersecurity Authority and Infrastructure within 24 hours, complete vulnerability assessment and develop a cybersecurity incident response plan.
Airport and airline operators will also be required to designate a cybersecurity coordinator and report cybersecurity incidents within 24 hours.
“Cybersecurity incidents affecting traffic are a growing, evolving and persistent threat,” Victoria Newhouse, deputy administrator for the TSA, told the House Transportation Committee on Thursday. . “Across US critical infrastructure, cyber threat actors have demonstrated a willingness and ability to conduct malicious cyber operations targeting critical infrastructure by exploiting the vulnerability. of operational technology and information technology systems.”
Following the ransomware attack on Colonial Pipeline earlier this year, the TSA issued two security directives that mandated cybersecurity requirements for the pipeline industry.
Since issuing those security directives, pipeline operators have reported 591 network-related incidents, according to the Department of Homeland Security.
Of those 591 incidents, one was rated as having a “low” impact, which means “not likely to affect public health or safety, national security, economic security, foreign relations, civil liberties or public trust.”
The remainder are rated as “negligible” or “small” – the designations are considered baseline and are of even less concern than “low”.