Media Kit » Try RailPrime™ Today! »
Progressive Railroading
Newsletter Sign Up
Stay updated on news, articles and information for the rail industry

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

View Current Digital Issue »

Rail News Home Security


Rail News: Security

TSA to issue cybersecurity mandates for rail industry

U.S. Homeland Security Secretary Alejandro Mayorkas
Photo –


U.S. Homeland Security Secretary Alejandro Mayorkas earlier this week announced the Biden administration will issue new cybersecurity regulations for some railroads and transit-rail systems.

In an Oct. 6 speech at the Billington CyberSecurity Summit, Mayorkas said the Transportation Security Administration (TSA) is laying the foundation for a more secure and resilient aviation and surface transportation sector — including rail, he said.

"To strengthen the cybersecurity of our railroads and rail transit, TSA will issue a new security directive this year that will cover higher-risk railroad and rail transit entities and require them to identify a cybersecurity point person; report incidents to [the Cybersecurity and Infrastructure Security Agency]; and put together a contingency and recovery plan in case they become a victim of malicious cyber activity," Mayorkas said, according to a transcript of his speech.

TSA is coordinating and consulting with the industry in developing those plans, according to the secretary.

“For lower-risk surface entities, TSA will issue separate guidance that encourages, rather than requires, these entities to take the same measures. Reducing cybersecurity risk is in every organization’s self-interest, especially considering the indiscriminate nature of ransomware,” Mayorkas added.

Beyond the most urgent and important measures required by the security directive, TSA also is initiating a rulemaking process to develop a longer-term regime to strengthen cybersecurity and resilience in the transportation sector, the secretary said.

To gather industry input on the process, the TSA will issue an information circular recommending the completion of a cybersecurity self-assessment.

Contact Progressive Railroading editorial staff.

More News from 10/8/2021