The Transportation Security Administration (TSA) is issuing new directives and recommendations aimed at strengthening the cybersecurity defenses of U.S. rail and airport operators, reports the Associated Press.
The new directives require most passenger and freight rail operators to identify a cybersecurity point person, report incidents within 24 hours to the Cybersecurity and Infrastructure Security Agency, conduct a vulnerability assessment and develop a contingency and recovery plan in case of malicious cyber activity.
They go into effect at the end of 2021 and the TSA said it is making similar changes to requirements for airport operators. Republican lawmakers have expressed concern that the TSA has crafted new cybersecurity directives without enough transparency and input from affected industries. Victoria Newhouse, a TSA deputy assistant administrator, said at a congressional hearing that the agency had worked closely with private industry officials in crafting the regulations.
Additional Reading: 600,000 Vacant Cybersecurity Positions Leave US Infrastructure Vulnerable