January 4, 2023 By Jennifer Gregory 2 min read

Recently, the U.S. government has focused on increasing cybersecurity in industries that are vital to the country. After the Colonial Pipeline ransomware attack shut down a critical fuel pipeline, which led to significant gas shortages, officials realized the importance of protecting the U.S. infrastructure. In response to the growing threat, leaders put the spotlight on fortifying the security of those industries.

President Biden signed the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA) in March 2022. The Act affects agencies, organizations and businesses whose service disruption would impact economic security or public health and safety. Railways are one industry included in critical infrastructure.

Railways targeted by cyberattacks in recent years

Railways have been the target of large attacks in recent years, including a data breach at China Railways (CR) in 2019. Other key attacks include a breach of 146 million records in the database of Network Rail and the service provider C3UK, and a malware attack on Sadler, a railway equipment manufacturer. In October, President Biden released the Enhancing Rail Cybersecurity Directive from the Transportation Security Administration for critical infrastructure with directives to railway companies.

TSA administrator David Pekoske said, “The nation’s railroads have a long track record of forward-looking efforts to secure their network against cyber threats and have worked hard over the past year to build additional resilience, and this directive, which is focused on performance-based measures, will further these efforts to protect critical transportation infrastructure from attack.”

Requirements of the enhancing rail cybersecurity directive

The new directive has four main requirements:

  1. Designate a cybersecurity coordinator – This role implements cybersecurity practices, manages cybersecurity incidents and serves as a liaison between the railway and both TSA and the Cybersecurity and Infrastructure Security Agency (CISA) regarding cybersecurity. Because the coordinator must be available 24/7, railways must also designate a backup coordinator. All cybersecurity coordinators must be U.S. citizens and eligible for security clearance.
  2. Report cybersecurity incidents to CISA – All cybersecurity incidents, including unauthorized access, malicious software and DoS attacks, must be reported to CISA within 24 hours of the event. In addition to all relevant information about what occurred, the railway must report the impact on the railway and the railway’s response to the incident.
  3. Develop a cybersecurity incident response plan – The plan must include how the railway will prompt identification, isolation and segregation of the infected systems as well as security of backed-up data. The plan also establishes capability and governance for isolating the systems. Railways must adopt their plan within 180 days of the directive and must also conduct regular testing of the plan.
  4. Assess cybersecurity vulnerability – The assessment must identify gaps and document remediation measures. Railways need to complete the assessment within 90 days of the directive.

The U.S. depends on transportation services, including railways, as a cornerstone of its economy. In addition to tourism, transportation services play a critical role in the supply chain. By requiring additional cybersecurity measures for railways, the U.S. reduces the risk of disruption resulting from an attack on the country’s critical infrastructure.

More from News

Research finds 56% increase in active ransomware groups

4 min read - Any good news is welcomed when evaluating cyber crime trends year-over-year. Over the last two years, IBM’s Threat Index Reports have provided some minor reprieve in this area by showing a gradual decline in the prevalence of ransomware attacks — now accounting for only 17% of all cybersecurity incidents compared to 21% in 2021. Unfortunately, it’s too early to know if this trendline will continue. A recent report released by Searchlight Cyber shows that there has been a 56% increase in…

Cyberattack on American Water: A warning to critical infrastructure

3 min read - American Water, the largest publicly traded United States water and wastewater utility, recently experienced a cybersecurity incident that forced the company to disconnect key systems, including its customer billing platform. As the company’s investigation continues, there are growing concerns about the vulnerabilities that persist in the water sector, which has increasingly become a target for cyberattacks. The breach is a stark reminder of the critical infrastructure risks that have long plagued the industry. While the water utility has confirmed that…

CISA and FBI release secure by design alert on cross-site scripting 

3 min read - CISA and the FBI are increasingly focusing on proactive cybersecurity and cyber resilience measures. Conjointly, the agencies recently released a new Secure by Design alert aimed at eliminating cross-site Scripting (XSS) vulnerabilities, which have long been exploited to compromise both data and user trust. Cross-site scripting vulnerabilities occur when a web application improperly handles user input, allowing attackers to inject malicious scripts into web pages that are then executed by unsuspecting users. These vulnerabilities are dangerous because they don't attack…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today