The Transportation Security Administration (TSA) has proposed new rules requiring those under its jurisdiction to follow specific cyber risk management (CRM) requirements, report cybersecurity incidents in a certain timeframe, and address physical security concerns.
This is positive news for the transportation industry, as hundreds of attacks have been leveled against the sector. These attacks have the potential to impact the supply chain, create chaos, and endanger human lives.
TSA’s notice of proposed rulemaking (NPRM) “continues TSA’s commitment to performance-based requirements and builds on TSA’s previously issued cybersecurity requirements aimed at establishing sustainable and comprehensive cyber risk management programs for owners and operators with high-risk profiles,” explained Chad Gorman, TSA’s deputy executive assistant administrator for operations support.
Threats to Transportation
The transportation sector is often caught in the crosshairs of socioeconomic and political unrest and is particularly vulnerable to DDoS attacks that interrupt services. Cyberattacks aimed at the industry can:
- Shut down railway, bus, or airline services.
- Block or expose access to sensitive…
