(Reuters) – The Transportation Security Administration will introduce regulations that will force major U.S. rail and aviation operators to improve their cybersecurity procedures, Home Secretary Alejandro Mayorka said Wednesday.
The forthcoming changes will make it mandatory for "higher risk" rail carriers and "critical" US airport and airline operators to do three things: name a cyber officer, expose hacking to the government, and draw up recovery plans in the event of an attack.
The planned rules come after cybercriminals attacked a major US pipeline operator, causing local gas shortages along the east coast of the United States in May. The incident led to new cyber security rules for pipeline owners in July.
"Whether by air, land or sea, our transportation systems are of the utmost strategic importance for our national and economic security," Mayorkas said. "The last year and a half has vigorously shown what is at stake."
An important issue that justifies the new policy stems from a growth in ransomware attacks on critical infrastructure companies.
"It's the first of its kind in terms of cyber focus," says a high-ranking official in his home country, who declined to be named, about the Railway Safety Directive and an update of the Aviation Safety Program.
Rafail Portnoy, Chief Technology Officer at New York City The Metropolitan Transportation Authority said that the MTA is "constantly vigilant against this global threat and will ensure compliance with all TSA regulations."
other authorities on cybersecurity and noted it wants to "reduce any duplicate reporting."
Ransomware, a type of malicious software that encrypts a victim who has been the victim until the owner pays in a redemption form of cryptocurrency to the hacker has become increasingly common in recent years .
“If transport does not work, if people can not go from A to B, it can create pressure quite quickly (that b etala lösen) ", said the high official.
Last month, the TSA notified the private sector of the forthcoming regulations, the official said, and the agency is currently receiving feedback.
The regulations will become active before the end of 2021