New federal railroad cybersecurity rules released

CNN reports that the U.S. Transportation Security Administration has issued new railroad cybersecurity requirements mandating the reporting of cyber incidents to the Department of Homeland Security among freight railroad owners and operators. Railroad companies have also been required by the new rules to create their own cyber incident plans in an effort to mitigate potential operational disruptions amid increasing threats against the sector, as indicated by the ransomware attack against the San Francisco Municipal Transportation Agency in 2016. Such a directive comes months after the TSA released updated cybersecurity rules for major U.S. pipelines following last year's attack against Colonial Pipeline. Pipelines were given increased flexibility in combating cyber threats following criticism of the TSA's unrealistic requirements. Meanwhile, cybersecurity requirements are also being considered by the federal government for the healthcare, water, and communications sectors, including emergency warning systems, said White House Deputy National Security Adviser Anne Neuberger last week.