The U.S. government has recently emphasized the need for enhanced cybersecurity in key industries, following a ransomware attack on the Colonial Pipeline. This incident highlighted the importance of safeguarding the nation’s infrastructure. As a result, the focus has shifted towards strengthening the security of these industries.
In March 2022, President Biden signed the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA). This act impacts agencies, organizations, and businesses whose service disruption could affect economic security or public health and safety. Railways, a critical infrastructure, are included in this act.
Railways have been targeted by significant cyberattacks in recent years, including a data breach at China Railways in 2019. In response, President Biden released the Enhancing Rail Cybersecurity Directive, which provides specific instructions to railway companies to bolster their cybersecurity measures.
The new directive has four main requirements: appointing a Cybersecurity Coordinator, reporting cybersecurity incidents to the Cybersecurity and Infrastructure Security Agency (CISA), developing a Cybersecurity Incident Response Plan, and conducting a Cybersecurity Vulnerability Assessment. These measures aim to protect the nation’s critical transportation infrastructure from cyber threats, thereby reducing the risk of disruption due to an attack.