January 23, 2022

Volume XII, Number 23

Advertisement
Advertisement

January 21, 2022

Subscribe to Latest Legal News and Analysis

January 20, 2022

Subscribe to Latest Legal News and Analysis

TSA Announces New Security Directives for Rail Sector

On December 2, 2021, the Transportation Security Administration (“TSA”) announced that it issued two security directives requiring higher-risk freight railroads, passenger rail and rail transit to implement measures to strengthen cybersecurity within the sector. In its press release, the TSA stated that it determined these requirements needed to be issued immediately to protect the transportation sector. The TSA also stated that it sought input from industry stakeholders and federal partners, including the Cybersecurity and Infrastructure Security Agency (“CISA”), in developing its approach.

Key among the requirements in therai security directives is a requirement to report cybersecurity incidents to CISA within 24 hours. The directives also require these rail transportation owners and operators to (1) designate a cybersecurity coordinator, (2) develop and implement a cybersecurity incident response plan, and (3) conduct a cybersecurity vulnerability assessment to identify potential gaps or vulnerabilities in their systems.

Homeland Security Secretary Alejandro Mayorkas said the new requirements “will help keep the traveling public safe and protect our critical infrastructure from evolving threats” and indicated that the Department of Homeland Security will continue public and private partnerships to increase the resilience of critical infrastructure. Ian Jefferies, President and Chief Executive Officer of the Association of American Railroads, said in a statement that “[r]ailroads take these threats seriously and value our productive work with government partners to keep the network safe.”

The press release also announces that the TSA is releasing guidance recommending that all other lower-risk rail transportation owners and operators voluntarily implement the same measures.

Copyright © 2022, Hunton Andrews Kurth LLP. All Rights Reserved.National Law Review, Volume XI, Number 340
Advertisement
Advertisement
Advertisement
Advertisement
Advertisement
Advertisement

About this Author

In today’s digital economy, companies face unprecedented challenges in managing privacy and cybersecurity risks associated with the collection, use and disclosure of personal information about their customers and employees. The complex framework of global legal requirements impacting the collection, use and disclosure of personal information makes it imperative that modern businesses have a sophisticated understanding of the issues if they want to effectively compete in today’s economy.

Hunton Andrews Kurth LLP’s privacy and cybersecurity practice helps companies manage data and...

212 309 1223 direct
Advertisement
Advertisement
Advertisement