Resilience to
cyberattacks
TSA to Seek Comments on Requiring Pipeline, Rail Operators to Hire Third-Party Cybersecurity Assessors
The Transportation Security Administration will solicit input from the transportation industry about its plan to maximize the use of third-party assessors to ensure the compliance of critical pipeline and rail operators with its planned cybersecurity regulations.
According to an advance notice of proposed rulemaking, comments should include the benefits or challenges that operators would face if they were required to hire accredited third-party certifiers to evaluate their cybersecurity measures. Responses will be accepted within 45 days following the publication of the proposed rulemaking in the Federal Register, Nextgov reported.
TSA aims to strengthen the cybersecurity resilience of the sectors amid the rising cyber incidents impacting critical infrastructures, including the Colonial Pipeline, which was hit by a ransomware attack in May 2021 that resulted in fuel and energy supply shortages across the East Coast.
According to a factsheet from the Department of Homeland Security, the TSA previously directed operators to implement mitigation measures to protect information technology and operational technology systems from attacks and have a third-party evaluator assess the effectiveness of their cybersecurity practices following the Colonial Pipeline attack.
In July, a TSA spokesperson told the Wall Street Journal that the proposed rulemaking will “permanently codify a number of critical cybersecurity requirements for pipelines and other surface transportation systems.”
Category: Federal Civilian