The United States will receive new security guarantees for critical infrastructure based on the incident with the Colonial Pipeline.
The U.S. Transportation Security Administration (TSA) has proposed new rules to protect transportation infrastructure from cyberattacks. The measures should consolidate and supplement the temporary directives that were introduced after the attack on Colonial Pipeline in 2021. The new rules are one of the latest actions by the Joe Biden administration to strengthen the cybersecurity of critical infrastructure before the transfer of power.
The purpose of the new rules is to strengthen cybersecurity and unify approaches for key sectors of the U.S. transportation system. According to TSA, the agency has been actively interacting with industry partners, so the new initiative also takes into account the wishes of the industry to protect transport infrastructure facilities.
Recall that after the attack on the Colonial Pipeline in May 2021, the TSA introduced mandatory cyber requirements for pipelines for the first time, since previously security measures in this area were voluntary. However, the initial directives caused discontent among some representatives of the oil and gas industry. Subsequently, the TSA finalized its requirements to take into account the wishes of the business. Since temporary measures need to be extended annually, the TSA decided to move on to the development of permanent regulations.
The proposed rules will affect about 300 operators from the sectors of freight and passenger railways, rail and pipeline transport, as well as aviation. The new regulations will oblige companies to develop cyber risk management programs and cybersecurity operational plans, including regular audits to verify their effectiveness. In addition, organizations will have to promptly report cyber incidents to CISA. Also among the TSA requirements are adherence to the principles of CISA secure-by-design and secure-by-default, as well as the introduction of standards for training, certification and verification of employees.
The requirements will affect not only existing facilities, but will also expand to large pipelines for the transportation of hazardous liquids or carbon dioxide, especially if they are of strategic importance to the US Department of Defense.
The new rules are expected to affect 73 freight railways, 34 public transport systems and passenger railways, as well as 115 pipeline facilities. Moreover, 71 trucking companies will be required to report significant security incidents.
Source
The U.S. Transportation Security Administration (TSA) has proposed new rules to protect transportation infrastructure from cyberattacks. The measures should consolidate and supplement the temporary directives that were introduced after the attack on Colonial Pipeline in 2021. The new rules are one of the latest actions by the Joe Biden administration to strengthen the cybersecurity of critical infrastructure before the transfer of power.
The purpose of the new rules is to strengthen cybersecurity and unify approaches for key sectors of the U.S. transportation system. According to TSA, the agency has been actively interacting with industry partners, so the new initiative also takes into account the wishes of the industry to protect transport infrastructure facilities.
Recall that after the attack on the Colonial Pipeline in May 2021, the TSA introduced mandatory cyber requirements for pipelines for the first time, since previously security measures in this area were voluntary. However, the initial directives caused discontent among some representatives of the oil and gas industry. Subsequently, the TSA finalized its requirements to take into account the wishes of the business. Since temporary measures need to be extended annually, the TSA decided to move on to the development of permanent regulations.
The proposed rules will affect about 300 operators from the sectors of freight and passenger railways, rail and pipeline transport, as well as aviation. The new regulations will oblige companies to develop cyber risk management programs and cybersecurity operational plans, including regular audits to verify their effectiveness. In addition, organizations will have to promptly report cyber incidents to CISA. Also among the TSA requirements are adherence to the principles of CISA secure-by-design and secure-by-default, as well as the introduction of standards for training, certification and verification of employees.
The requirements will affect not only existing facilities, but will also expand to large pipelines for the transportation of hazardous liquids or carbon dioxide, especially if they are of strategic importance to the US Department of Defense.
The new rules are expected to affect 73 freight railways, 34 public transport systems and passenger railways, as well as 115 pipeline facilities. Moreover, 71 trucking companies will be required to report significant security incidents.
Source
