TSA will force train and plane operators to tell the feds when they've been hacked

Amerikaanse lugrederye en spoorweë sal kuberoortredings aan die federale regering moet rapporteer, het die Biden-administrasie Donderdag gesê, soos amptenare waarsku teen toenemende gevaar van poging tot hacks.

There have been several reported cyber attacks on the rail sector over the past year, such a breach of New York’s Metropolitan Transportation Authority’s computer systems, a ransomware attack on Toronto’s transit agency and a cyberattack on the Ann Arbor Area Transportation Authority that caused temporary disruptions to real-time bus information.
Since the crippling ransomware attack on Colonial Pipeline earlier this year, US authorities have scrambled to implement measures to help protect critical infrastructure in the US from cyber attacks.
    Under the new Transportation Security Administration mandates, major rail operators will be required to designate a cybersecurity coordinator, report cybersecurity incidents to the Cybersecurity and Infrastructure Security Agency within 24 ure, complete a vulnerability assessment and develop a cybersecurity incident response plan.
      Airport and airline operators will also be required to designate a cybersecurity coordinator and report cybersecurity incidents within 24 ure.
        Cybersecurity incidents affecting transportation are a growing, evolving and persistent threat,” Victoria Newhouse, TSA’s deputy assistant administrator, told the House Transportation Committee on Thursday. “Across US critical infrastructure, cyber threat actors have demonstrated their willingness and ability to conduct malicious cyber activities targeting critical infrastructure by exploiting the vulnerability of operational technology and information technology systems.
        Following the ransomware attack on Colonial Pipeline earlier this year, TSA issued two security directives mandating cybersecurity requirements on the pipeline industry.
          Since the issuance of those security directives, pipeline operators have reported 591 cyber-related incidents, volgens die departement van binnelandse veiligheid.
            Van daardie 591 voorvalle, one was rated as having alow” impak, meaning it isunlikely to affect public health or safety, national security, economic security, foreign relations, civil liberties, or public confidence.
            The rest were ratednegligible” of “mineur” — designations that are considered baseline and present even less concern thanlow.




            , , , , , ,

            Kommentaar gesluit.