As promised by Secretary of Homeland Security Alejandro Mayorkas in October, TSA has issued new cybersecurity rules for the freight and passenger rail industries. Covered entities must designate a cybersecurity coordinator by December 31, complete a vulnerability assessment by March 31, and create an incident response plan by June 29. They also will need to report incidents to CISA within 24 hours.
TSA has also changed the criteria for pipeline operators to use in reporting cybersecurity incidents to CISA, in part responding to pushback from industry and Republican legislators against a May security directive. The changes generally align with the new standards for the rail industry. The agency also recently issued similar new rules for the aviation industry, including rules requiring a cybersecurity coordinator and setting a 24-hour deadline for incident reports.
Source:
