What’s Happening and Why Should it Matter To YOU?
Over the past year, we’ve seen cyberattacks on a number of critical transportation systems, including the recent cyberattack on the Colonial Pipeline, one of the largest private fuel pipeline operators in the United States and the supplier of approximately 45 percent of the fuel on the East Coast. A compromised network password led to a ransomware attack and shutdown of the pipeline creating fuel shortages that greatly impacted East Coast transportation operations.
This rise in attacks has caused the Federal Government to react with new standards from TSA and the Cybersecurity and Infrastructure Security Agency (CISA) that require all transportation and critical infrastructure operators to take action.
RECENT EXAMPLES OF CYBERATTACKS
- The San Francisco Municipal Transportation Agency experienced an attack that compromised 2,000 computers.
- The Toronto Subway System suffered a similar attack.
- The Martha’s Vineyard Ferry’s system was compromised in June of 2021
What are These New Regulations?
As of December 2021, all transportation infrastructure operators now must have a cybersecurity coordinator who can be reached 24/7 in the event of any incident.
You must also report to CISA and the Transportation Security Administration (TSA) on the current state and protection of your systems and how you plan to bring them up to standard.
CISA outlined these regulations in Security Directive 1582-21-01 issued on November 19 2021 which are to be implemented by July 31, 2021.
It is important that private companies, cities, states and regulators at the highest federal levels understand the threat to various systems and the ways those threats can be mitigated.
ACTIONS REQUIRED BY THE NEW SECURITY REGULATIONS
1. Formerly designate a Cybersecurity Coordinator who is the principal point of contact with TSA and CISA for cybersecurity-related matters, and an alternate, as this person must be available 24 hours a day, seven days a week in case of any incidents.
2. Report cybersecurity incidents to CISA immediately when you become aware of them.
3. Develop a Cybersecurity Incident Response Plan and share it with the CISA and TSA.
4. Conduct a cybersecurity vulnerability assessment and submit it to TSA. This is to include an assessment of current practices and activities, identifying any gaps, and a plan to fix them.
For more information and guidance on these new directives, please email firstname.lastname@example.org.