TSA set to mandate railroads and rail systems report cyber incidents to government

The Transportation Security Administration is set to mandate railroads and rail systems to report cyber incidents to the federal government.

The Transportation Security Administration will issue a new directive for railroad and rail transit system operators to implement more stringent cybersecurity measures, Homeland Security Secretary Alejandro Mayorkas said Wednesday.

The new directive will mandate those companies report incidents to the Cybersecurity and Infrastructure Security Agency (CISA) and hire a cybersecurity point person.

In addition to railways, the TSA is also requiring U.S. airport operators, passenger aircraft operators and all cargo aircraft operators to designate a cybersecurity coordinator and report all incidents to CISA, by next spring, Mayorkas said at the Billington Cybersecurity Forum.

"TSA will expand the covered entities gradually to other relevant entities that can consider additional measures," he said.