U.S. to tell critical rail, air companies to report hacks, name cyber chiefs


FILE PHOTO: White House Press Secretary Jen Psaki listens as U.S. Secretary of Homeland Security Alejandro Mayorkas speaks about an investigation into the treatment of Haitian migrants on the U.S.-Mexican border, during the daily briefing in the Brady Press Briefing Room at the White House in Washington, U.S., September 24, 2021. REUTERS/Evelyn Hockstein

(Reuters) -The Transportation Security Administration will introduce new regulations that compel the most important U.S. railroad and airport operators to improve their cybersecurity procedures, Homeland Security Secretary Alejandro Mayorkas said on Wednesday.

The upcoming changes will make it mandatory for "higher-risk" rail transit companies and "critical" U.S. airport and aircraft operators to do three things: name a chief cyber official, disclose hacks to the government and draft recovery plans for if an attack were to occur.

The planned regulations come after cybercriminals attacked a major U.S. pipeline operator https://www.reuters.com/business/colonial-pipeline-ceo-tells-senate-cyber-defenses-were-compromised-ahead-hack-2021-06-08, causing localized gas shortages along the U.S. East Coast in May. The incident led to new cybersecurity rules for pipeline owners in July.

"Whether by air, land, or sea, our transportation systems are of utmost strategic importance to our national and economic security," Mayorkas said. "The last year and a half has powerfully demonstrated what’s at stake."

A key concern motivating the new policies comes from a growth in ransomware attacks against critical infrastructure companies.

"It’s the first of its kind with respect to the cyber focus," said a senior homeland security official, who declined to be named, about the railway security directive and an update to aviation security programs.

Ransomware, a type of malware variant that encrypts a victimized system until the owner pays a ransom in the form of cryptocurrency to the hacker, has become increasingly common in recent years.

"If transportation does not work, if people can’t go from A to B, then it can create pressure pretty quickly [to pay the ransom]," said the senior official.

The announcement also follows reports in June https://www.nytimes.com/2021/06/02/nyregion/mta-cyber-attack.html of a Chinese hacking group infiltrating New York City’s Metropolitan Transportation Authority and an August 2020 ransomware attack https://www.inquirer.com/transportation/septa-malware-attack-employees-riders-app-announcements-20200824.html against the Southeastern Pennsylvania Transportation Authority, causing a disruption to services.

The Homeland Security Department helped investigate the MTA incident alongside other federal agencies, including the FBI.

Last month, the TSA notified the private sector about the impending regulations, said the senior official, and the agency is currently receiving feedback.

The regulations will become active before the end of 2021.

(Reporting by Christopher Bing; editing by Diane Craft)

Article type: metered
User Type: anonymous web
User Status:
Campaign ID: 46
Cxense type: free
User access status: 3
Join our Telegram channel to get our Evening Alerts and breaking news highlights

   

Next In Tech News

Xiaomi to open car plant in Beijing with annual output of 300,000 vehicles - Beijing govt
India tells public to shun Musk-backed Starlink until it gets licence
Not for the faint hearted: 'Happy Game' is anything but
El Salvador ‘Bought the Dip,’ Acquiring 100 More Bitcoin
Keeping people awake on Zoom: Ways to liven up a digital meeting
Facebook offers remedies to address EU concerns about Kustomer deal
Paris slows rented e-scooters to 10 km/h in urban areas
WhatsApp wins approval to double payments offering to 40 million users in India - source
Mobile phone museum launches online
Payments firm Klarna's Jan-Sep losses grow on soured credits

Others Also Read


Vouchers