Homeland Security Secretary Alejandro Mayorkas said Wednesday that the Transportation Security Administration will draft new regulations that will force major U.S. railroad and airport operators to improve their cybersecurity procedures.
The changes require higher-risk rail transit companies and critical U.S. airport and aircraft operators to do three things: appoint a top cyber official, disclose hacks to the government, and come up with recovery plans in the event of an attack.
A major concern that motivates these new regulations stems from an increase in ransomware attacks on critical infrastructure companies.
The industry group Airlines for America said the issue was crucial, noting that it was already working closely with the TSA and other cybersecurity agencies and that it wanted to “reduce any potential duplicative reporting.”
The announcement also comes after a Chinese hacking group infiltrated New York City’s Metropolitan Transportation Authority and launched a ransomware attack on the Southeastern Pennsylvania Transportation Authority in August, causing massive disruption to transportation services.
The new rules will be implemented before the end of 2021.