Resource Persons at House Hearing Underscore Need for Cyber Threat Information Sharing

A House Homeland Security Committee hearing on Tuesday saw cybersecurity experts and former federal officials stressing the need to bolster information-sharing between the public and private sectors around cyber threats for planes, trains and pipelines. Witnesses also called for new regulatory measures that could potentially help increase trust between government agencies and private sector stakeholders around bi-directional information sharing, FCW reported Thursday.

The hearing was held to assess current and emerging threats to domestic transportation infrastructure as well as potential new regulatory measures to address those risks. Earlier in October, the Department of Homeland Security announced upcoming cybersecurity directives for the aviation and transit industries that will strengthen the Transportation Security Administration‘s authority over cybersecurity.

Democrats on the committee expressed support for the anticipated DHS directives but also said additional regulations were necessary after a series of successful cyberattacks targeting major railroads and airports, as well as the Colonial Pipeline ransomware attack and others targeting oil and gas pipelines.

Meanwhile, Republicans on the panel noted that there were bipartisan efforts underway to create mandatory cyber incident reporting legislation, but cautioned that industry needs to have a voice in the creation of new rules of the road, including a plan to identify owners of systemically important critical infrastructure.

The hearing took its cue from directives issued by the TSA in May and July requiring fuel pipeline operators to institute new cybersecurity measures aimed at safeguarding their systems from ransomware attacks. Those directives institute mandatory reporting requirements for both confirmed and potential cybersecurity attacks. The same directives mandate that certain pipeline operators establish mitigation measures and recovery plans around cyberattacks targeting IT and operational technology systems, FCW also reported.