"TSA Issues New Cybersecurity Requirements for Passenger and Freight Railroad Carriers"
The Transportation Security Administration (TSA) has issued a new cybersecurity security directive that will apply to designated passenger and freight railroad carriers. This security directive will improve cybersecurity preparedness and resilience for the nation's railroad operations, building on the TSA's work to strengthen defenses in other modes of transportation. This Enhancing Rail Cybersecurity - SD 1580/82-2022-01 directive, developed with extensive input from industry stakeholders and federal partners such as the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA) and the Department of Transportation's Federal Railroad Administration (FRA), strengthens cybersecurity requirements and focuses on performance-based measures to reach critical cybersecurity outcomes. The security directive requires TSA-specified passenger and freight railroad carriers are to create network segmentation policies and controls to ensure that the Operational Technology (OT) system can continue to operate safely if an Information Technology (IT) system is compromised, develop access control measures to secure and prevent unauthorized access to critical cyber systems, and more. This article continues to discuss TSA's new cybersecurity security directive regulating designated passenger and freight railroad carriers.