What: The Transportation Security Administration (TSA) has issued two Security Directives aimed at passenger and freight railroad cybersecurity, continuing the government’s move to an increasingly regulatory approach to private sector cybersecurity. Security Directive 1582-21-01, “Enhancing Public Transportation and Passenger Railroad Cybersecurity”[1] applies to each owner/operator of a passenger railroad carrier or rail transit system[2] while Security Directive 1580-21-01, “Enhancing Rail Cybersecurity”[3] applies to freight railroad carriers.[4] Both directives require reporting the same information to the government to prevent the significant harm that could come from the degradation, destruction, or malfunction of the systems that control rail transit.
What does it mean for industry: The Security Directives build upon pipeline security directives issued after the Colonial Pipeline ransomware attack in May 2021.[5] The rail Security Directives are effective on December 31, 2021 and require that railroad owner/operators perform four critical actions: (1) designate a Cybersecurity Coordinator; (2) report cybersecurity incidents to the Cybersecurity and…
