The Transportation Security Administration will shortly enact new regulations to better prepare transport companies and airlines for cyber attacks.
Homeland Security Minister Alejandro Mayorkas says that railways and rail-related facilities that are considered to be “higher risk” will be required under the new directive to appoint a cybersecurity contact, report cyber incidents to the DHS cybersecurity and infrastructure security authority and an emergency plan for in the event of a cyber attack.
Lower risk railways and affiliates are encouraged but don’t have to take the same steps, he said. Mayorkas made the comments during a speech practically delivered on Wednesday at the Billington Cybersecurity Summit.
Additional regulations will increase cybersecurity in the aviation industry, Mayorkas said. “Critical” US airport and passenger aircraft operators, as well as all cargo aircraft operators, must also deploy a cybersecurity coordinator and report cyberattacks to CISA.
“We have to be equipped today, not tomorrow,” said Mayorkas. “I cannot stress the urgency of the mission enough.”
Transportation systems, large or small, have been the target of cyber criminals lately. Last spring, a group of hackers with possible ties to the Chinese government compromised the computer systems of the Metropolitan Transportation Authority in New York.
Traffic officials said at the time that the hackers had not been given access to systems that control train cars and that passenger safety was not compromised. However, they later raised concerns that hackers might have broken into these systems or that they might continue to exploit the agency’s computer systems through a back door.
And in June, a ransomware attack crippled the main booking system of the Steamship Authority of Massachusetts, which operates ferries from Cape Cod to Martha’s Vineyard and Nantucket. The ships ran safely, but passengers were unable to book or change their reservations online for more than a week, and the use of credit cards was severely restricted.