CNN reports that the U.S. Transportation Security Administration has issued new railroad cybersecurity requirements that mandate freight railroad owners and operators to report cyber incidents to the Department of Homeland Security.
The new rules also require railroad companies to create their own cyber incident plans in an effort to mitigate potential operational disruptions amid increasing threats against the sector, as indicated by the ransomware attack against the San Francisco Municipal Transportation Agency in 2016.
The directive comes months after the TSA released updated cybersecurity rules for major U.S. pipelines following last year's attack against Colonial Pipeline. Pipelines were given increased flexibility in combating cyber threats following criticism of the TSA's unrealistic requirements.
Meanwhile, cybersecurity requirements are also being considered by the federal government for the healthcare, water, and communications sectors, including emergency warning systems, said White House Deputy National Security Adviser Anne Neuberger last week.
Twenty-five percent of operational technology organizations in the U.S. and other parts of the world have evaded data breaches this year, compared with only 6% in 2022, mostly due to the 17% decline in insider breaches from 2022 to 2023, reports SecurityWeek.
Several U.S. defense and government organizations have been targeted by state-backed Chinese hacking group Bronze Silhouette, also known as Volt Typhoon, for military intelligence over a period of at least two years, according to The Record, a news site by cybersecurity firm Recorded Future.