"PERSPECTIVE: Leveraging Public-Private Partnerships to Improve Cybersecurity in the Transportation Sector"
The number of weekly ransomware attacks against the US transportation sector increased by 186 percent between June 2020 and June 2021. Other types of cyberattacks are increasing at a similar rate. For example, pro-Russian hackers targeted public-facing websites of numerous US airports in October 2022. Cyber experts believe these attacks were probing attempts by hackers to learn how to launch more malicious attacks in the future. Cyberattacks are growing while transportation operators face market pressures to automate functions ranging from ticketing to self-driving vehicles. Increased automation requires an even greater reliance on information systems, creating a catch-22 between innovation and vulnerability. Therefore, the Transportation Security Administration (TSA) and the US Homeland Security Department's Cybersecurity and Infrastructure Security Agency (CISA) are responding by expanding cybersecurity requirements for airport, airline, rail, pipeline, and mass transit operators. Designating a cybersecurity coordinator, reporting cyber incidents, conducting cybersecurity assessments, and developing remediation and incident response plans are all part of the detailed requirements. This article continues to discuss TSA's new cyber requirements, overcoming resource challenges by leveraging industry, the benefits of the proposed framework, and the need for regulatory approaches to evolve to meet new threats.