TSA to impose cybersecurity mandates on rail and aviation industries




As part of an upcoming “safety directive,” the TSA will require high-risk rail and rail transport entities to report cyber incidents to the federal government, identify cybersecurity contacts, and develop an emergency and recovery plan in case they fall victim to cyber attacks.

The directive will be released by the end of the year, Mayorkas said at the Billington CyberSecurity Summit, where he spoke virtually.

“Reducing cybersecurity risks is in the best interests of every organization, especially given the indiscriminate nature of ransomware,” Mayorkas said.

The Biden administration on Wednesday pushed several new initiatives as officials deployed to public events as part of Cyber Security Awareness Month to promote new efforts and urge businesses to better protect themselves and the American public, including an effort by the Justice Department to impose fines on companies that don’t meet certain standards.

Members of the rail industry immediately rejected the announcement, arguing that the safety directive would force railways to take actions that have been in place for a long time.

The rail industry has only had three business days to review and provide comments on the draft safety directive, according to a spokesperson for the Association of American Railroads, an industry group for the freight rail sector, who added that the railroads have “consistently reported to federal security agencies about intelligence and cybersecurity incidents for several years.”

“AAR hopes that the substantive comments provided will be carefully considered in deciding whether or not to pursue the directive and to ensure that any actions taken enhance, not hinder, coordinated cybersecurity efforts,” the spokesperson added in a press release.

Earlier this year, the TSA issued two safety guidelines for critical pipeline companies in the months following a crippling ransomware attack that shut down one of America’s most important pipelines and resulted in gasoline shortages and very long lines at the pump.

For the airline industry, the TSA will require operators of critical U.S. airports, passenger aircraft operators and all-cargo aircraft operators to designate cybersecurity coordinators and report cyber incidents to the Cybersecurity and Infrastructure Security Agency by the end of the month.

The agency will gradually expand the covered entities and consider additional measures over time, Mayorkas said.

“Taken together, these elements – a dedicated point of contact, cyber incident reporting and contingency planning – represent the bare minimum of today’s cybersecurity best practices,” Mayorkas added.

In addition to immediate action, the TSA is working on a longer-term rule-making process to “strengthen cybersecurity and resilience in the transport sector,” he said, which will include input from the industry.

Padraic O’Reilly, co-founder of CyberSaint Security, told CNN that for some industries, “voluntary standards just don’t do it,” noting that companies devote more resources to the basic security and protection of their systems when required to by the federal government.

“We are now in the middle of a maelstrom,” he said of cybersecurity threats facing critical industries and the need to protect them.

Also on Wednesday, Deputy Attorney General Lisa Monaco announced that for the first time, the Justice Department plans to impose substantial fines on government contractors or businesses that receive federal funds when they fail to meet cybersecurity standards, such as the obligation to report ransomware attacks.

Under the new initiative, the Department of Justice will pursue contractors for knowingly providing deficient cybersecurity products or services, knowingly misrepresenting their cybersecurity practices or protocols, or knowingly violating corporate obligations to monitor and report cybersecurity incidents and breaches.

“When those who are entrusted with government dollars, who are trusted to work on sensitive government systems, fail to meet required cybersecurity standards, we will continue that behavior and impose very heavy fines, very heavy,” said Monaco.

CNN’s Jessica Schneider contributed to this story.
