TSA issues new cybersecurity requirements for passenger and freight rail road carriers

Washington, D.C. (WOAY) – The Transportation Security Administration (TSA) announces a new cybersecurity directive regulating designated passenger and freight railroad carriers.

The security directives require TSA-specified passenger and freight railroad carriers to act to prevent disruption to their infrastructure.

The directive will develop network segmentation policies and controls to ensure that the Operational Technology system can continue to operate safely in the event of a compromised Information Technology system.

Under the policy, Passenger and freight railroad carriers must:

  1. Establish and execute a TSA-approved Cybersecurity Implementation Plan that describes the specific cybersecurity measures the passenger and freight rail carriers utilize to achieve the security outcomes outlined in the security directive.
  2. Establish a Cybersecurity Assessment Program to test proactively and regularly audit the effectiveness of cybersecurity measures and identify and resolve vulnerabilities within devices, networks, and systems.

For more information or to view TSA’s security directives and guidance documents, visit the TSA cybersecurity toolkit.

Sponsored Content