January 4, 2023 By Jennifer Gregory 2 min read

Recently, the U.S. government has focused on increasing cybersecurity in industries that are vital to the country. After the Colonial Pipeline ransomware attack shut down a critical fuel pipeline, which led to significant gas shortages, officials realized the importance of protecting the U.S. infrastructure. In response to the growing threat, leaders put the spotlight on fortifying the security of those industries.

President Biden signed the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA) in March 2022. The Act affects agencies, organizations and businesses whose service disruption would impact economic security or public health and safety. Railways are one industry included in critical infrastructure.

Railways targeted by cyberattacks in recent years

Railways have been the target of large attacks in recent years, including a data breach at China Railways (CR) in 2019. Other key attacks include a breach of 146 million records in the database of Network Rail and the service provider C3UK, and a malware attack on Sadler, a railway equipment manufacturer. In October, President Biden released the Enhancing Rail Cybersecurity Directive from the Transportation Security Administration for critical infrastructure with directives to railway companies.

TSA administrator David Pekoske said, “The nation’s railroads have a long track record of forward-looking efforts to secure their network against cyber threats and have worked hard over the past year to build additional resilience, and this directive, which is focused on performance-based measures, will further these efforts to protect critical transportation infrastructure from attack.”

Requirements of the enhancing rail cybersecurity directive

The new directive has four main requirements:

  1. Designate a cybersecurity coordinator – This role implements cybersecurity practices, manages cybersecurity incidents and serves as a liaison between the railway and both TSA and the Cybersecurity and Infrastructure Security Agency (CISA) regarding cybersecurity. Because the coordinator must be available 24/7, railways must also designate a backup coordinator. All cybersecurity coordinators must be U.S. citizens and eligible for security clearance.
  2. Report cybersecurity incidents to CISA – All cybersecurity incidents, including unauthorized access, malicious software and DoS attacks, must be reported to CISA within 24 hours of the event. In addition to all relevant information about what occurred, the railway must report the impact on the railway and the railway’s response to the incident.
  3. Develop a cybersecurity incident response plan – The plan must include how the railway will prompt identification, isolation and segregation of the infected systems as well as security of backed-up data. The plan also establishes capability and governance for isolating the systems. Railways must adopt their plan within 180 days of the directive and must also conduct regular testing of the plan.
  4. Assess cybersecurity vulnerability – The assessment must identify gaps and document remediation measures. Railways need to complete the assessment within 90 days of the directive.

The U.S. depends on transportation services, including railways, as a cornerstone of its economy. In addition to tourism, transportation services play a critical role in the supply chain. By requiring additional cybersecurity measures for railways, the U.S. reduces the risk of disruption resulting from an attack on the country’s critical infrastructure.

More from News

Apple Intelligence raises stakes in privacy and security

3 min read - Apple’s latest innovation, Apple Intelligence, is redefining what’s possible in consumer technology. Integrated into iOS 18.1, iPadOS 18.1 and macOS Sequoia 15.1, this milestone puts advanced artificial intelligence (AI) tools directly in the hands of millions. Beyond being a breakthrough for personal convenience, it represents an enormous economic opportunity. But the bold step into accessible AI comes with critical questions about security, privacy and the risks of real-time decision-making in users’ most private digital spaces.AI in every pocketHaving sophisticated AI…

FYSA – Adobe Cold Fusion Path Traversal Vulnerability

2 min read - Summary Adobe has released a security bulletin (APSB24-107) addressing an arbitrary file system read vulnerability in ColdFusion, a web application server. The vulnerability, identified as CVE-2024-53961, can be exploited to read arbitrary files on the system, potentially leading to unauthorized access and data exposure. Threat Topography Threat Type: Arbitrary File System Read Industries Impacted: Technology, Software, and Web Development Geolocation: Global Environment Impact: Web servers running ColdFusion 2021 and 2023 are vulnerable Overview X-Force Incident Command is monitoring the disclosure…

Ransomware attack on Rhode Island health system exposes data of hundreds of thousands

3 min read - Rhode Island is grappling with the fallout of a significant ransomware attack that has compromised the personal information of hundreds of thousands of residents enrolled in the state’s health and social services programs. Officials confirmed the attack on the RIBridges system—the state’s central platform for benefits like Medicaid and SNAP—after hackers infiltrated the system on December 5, planting malicious software and threatening to release sensitive data unless a ransom is paid. Governor Dan McKee, addressing the media, called the attack…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today