"New Federal Cybersecurity Requirements for Railway Operators"

The US government is prioritizing improving cybersecurity across the nation's critical industries. Officials acknowledged the importance of defending US infrastructure when the Colonial Pipeline ransomware attack shut down a crucial fuel pipeline, resulting in significant gas shortages. In response to the escalating threat, officials have prioritized strengthening the security of these businesses. In March of 2022, President Biden signed the Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA). The Act impacts agencies, organizations, and more whose disruption of service will have an adverse effect on economic security or public health and safety. Railways are a part of critical infrastructure. In recent years, railroads have been targeted by large-scale attacks, including a 2019 data breach at China Railways (CR). Other significant incidents include the compromise of 146 million records in Network Rail and C3UK's databases, as well as a malware attack on the railway equipment manufacturer Sadler. In October, President Biden issued the Enhancing Rail Cybersecurity Directive from the Transportation Security Administration (TSA) for critical infrastructure, which included directions for railway companies. The new directive requires the designation of a Cybersecurity Coordinator, the reporting of cybersecurity incidents to US Homeland Security Department's Cybersecurity and Infrastructure Security Agency (CISA), and the development of an incident response plan for cybersecurity incidents. Transportation services, notably railways, are a cornerstone of the American economy. In addition to their importance to the tourism industry, transportation services are essential to the supply chain. By requiring additional cybersecurity safeguards for railways, the US decreases the chances of interruption caused by cyberattacks on critical infrastructure. This article continues to discuss efforts to improve the cybersecurity of railway operations. 

Security Intelligence reports "New Federal Cybersecurity Requirements for Railway Operators"