urlscan.io logo urlscan.io
SecurityTrails logo

federalnewsnetwork.com Open in urlscan Pro
151.101.130.217  Public Scan

Back to summary
URL: https://federalnewsnetwork.com/cybersecurity/2021/12/dhs-continues-rolling-out-new-cyber-requirements-to-transportation-sector/
Submission: On January 18 via manual from US — Scanned from DE

Form analysis 5 forms found in the DOM

GET https://federalnewsnetwork.com/search/

<form id="header-search-form" role="search" method="get" class="search-form search-form--header" action="https://federalnewsnetwork.com/search/" tabindex="-1">
  <label class="search-form__label">
    <span class="search-form__label-text">Search</span>
    <input type="text" class="search-form__field" id="search-form__field" placeholder="Search …" value="" name="s" autocomplete="off">
  </label>
  <button id="searchsubmit" class="search-form__submit" type="submit" value="Search" aria-label="Submit search"><span>Submit </span>Search</button>
</form>

<form id="email-signup-mobile" class="email-signup-mobile" tabindex="-1">
  <input class="email-signup__email" type="email" placeholder="Newsletter">
  <button class="email-signup__submit" type="submit" aria-disabled="true">Submit</button>
</form>

GET https://federalnewsnetwork.com/search/

<form id="header-mobile-search-form" role="search" method="get" class="header-mobile-search-form" action="https://federalnewsnetwork.com/search/" tabindex="-1">
  <label class="search-form__label">
    <span class="search-form__label-text">Search</span>
    <input type="text" class="search-form__field" id="search-form__field" placeholder="Search …" value="" name="s" autocomplete="off">
  </label>
  <button id="searchsubmit" class="search-form__submit" aria-disabled="true" type="submit" value="Search" aria-label="Submit search"><span>Submit </span>Search</button>
</form>

Name: emailsignupformPOST https://federalnewsnetwork.com/sailthru-newsletters-signup/

<form action="https://federalnewsnetwork.com/sailthru-newsletters-signup/" name="emailsignupform" id="sailthru-form-content" class="form form--red form--red visible" method="post">
  <div class="form__row" id="form-inputs">
    <legend class="form__title">Sign up for breaking news.</legend>
    <input class="form__input" type="email" name="email" aria-label="Email Address" placeholder="Email Address" required="">
    <input class="form__submit form__submit--white" type="submit" name="sbutton" aria-label="Sign up button" value="Signup">
  </div>
  <!-- button class="disclaimer"></button -->
</form>

Name: emailsignupformPOST https://federalnewsnetwork.com/sailthru-newsletters-signup/

<form action="https://federalnewsnetwork.com/sailthru-newsletters-signup/" name="emailsignupform" id="sailthru-newsletters-form-content" class="" method="post">
  <div class="form-group form__row" id="form-inputs">
    <input type="email" name="email" aria-label="Email Address" class="form-control form__input" placeholder="Email Address" required="">
    <input type="submit" name="sbutton" aria-label="Sign up button" class="subscribe form__submit form__submit--white" value="Signup">
  </div>
  <button class="disclaimer form__text-btn">Or manage your existing subscription</button>
  <div class="clearfix"></div>
</form>

Text Content

 * Technology
   * Artificial Intelligence
   * Ask the CIO
   * Automation
   * Big Data
   * CIO News
   * Cloud Computing
   * Cybersecurity
   * IT Modernization
   * Open Data/Transparency
   * Reporter’s Notebook
 * Defense
   * DoD Reporter’s Notebook
   * On DoD
   * Army
   * Navy
   * Air Force
   * Defense Industry
 * Workforce/Management
   * Acquisition
   * Agency Oversight
   * Budget
   * Facilities/Construction
   * Hiring/Retention
   * Management
   * People
   * Reorganization
   * SES
   * Unions
   * Workforce Rights/Governance
 * Pay & Benefits
   * Benefits
   * Open Season
   * Pay
   * Retirement
   * TSP
 * Commentary
   * Mike Causey
   * Tom Temin
 * Audio
   * Accelerating Government
   * Ask the CIO Podcasts
   * Business of Government Hour
   * Every Side of Cyber
   * Federal Drive
   * Federal Executive Forum
   * Federal Newscast
   * Federal Tech Talk
   * FEDtalk
   * For Your Benefit
   * Innovation in Government
   * Modern Government
   * On DoD Podcasts
   * Platform for the Mission
   * Search for Accountability
   * Security Clearance Insecurity
   * The Space Hour
   * Your Turn
   * More Audio Shows
 * Resources
   * Federal Insights
   * eBook Library
   * Executive Briefings
   * Industry Analysis
   * Webinars
   * Surveys

Menu Search
Search Submit Search
On Air: Innovation in Government
Trending:
 * Remembering the BlackBerry
 * Former DHS IG stole property
 * USPS reaches deal with union on COVID test delivery

Email Alerts
Listen Live
 * Listen
 * Schedule

Listen Live Schedule Sports
 * Technology
   * Artificial Intelligence
   * Ask the CIO
   * Automation
   * Big Data
   * CIO News
   * Cloud Computing
   * Cybersecurity
   * IT Modernization
   * Open Data/Transparency
   * Reporter’s Notebook
 * Defense
   * DoD Reporter’s Notebook
   * On DoD
   * Army
   * Navy
   * Air Force
   * Defense Industry
 * Workforce/Management
   * Acquisition
   * Agency Oversight
   * Budget
   * Facilities/Construction
   * Hiring/Retention
   * Management
   * People
   * Reorganization
   * SES
   * Unions
   * Workforce Rights/Governance
 * Pay & Benefits
   * Benefits
   * Open Season
   * Pay
   * Retirement
   * TSP
 * Commentary
   * Mike Causey
   * Tom Temin
 * Audio
   * Accelerating Government
   * Ask the CIO Podcasts
   * Business of Government Hour
   * Every Side of Cyber
   * Federal Drive
   * Federal Executive Forum
   * Federal Newscast
   * Federal Tech Talk
   * FEDtalk
   * For Your Benefit
   * Innovation in Government
   * Modern Government
   * On DoD Podcasts
   * Platform for the Mission
   * Search for Accountability
   * Security Clearance Insecurity
   * The Space Hour
   * Your Turn
   * More Audio Shows
 * Resources
   * Federal Insights
   * eBook Library
   * Executive Briefings
   * Industry Analysis
   * Webinars
   * Surveys

Submit
Search Submit Search

Hubbard Radio Washington DC, LLC. All rights reserved. This website is not
intended for users located within the European Economic Area.


Cybersecurity


DHS CONTINUES ROLLING OUT NEW CYBER REQUIREMENTS TO TRANSPORTATION SECTOR

Justin Doubleday@jdoubledayWFED
December 6, 2021 5:07 pm
5 min read
      

The Department of Homeland Security’s cybersecurity sprint for the
transportation sector is yielding a minimum set of cybersecurity requirements
that is slowly spreading out across pipelines, rail operators, aviation and
other entities.

Last week, the Transportation Security Administration issued new cybersecurity
directives for rail operators. The requirements will apply to approximately 80%
of freight rail operators and 90% of passenger rail across the country,
according to Department of Homeland Security officials.

They require operators to establish a 24/7 cybersecurity coordinator; report
cybersecurity incidents to the Cybersecurity and Infrastructure Security Agency
within 24 hours; develop a cyber incident response plan within 180 days; and
conduct a cyber self-assessment within 90 days.

The directives are effective Dec. 31.

TSA’s push to issue cybersecurity requirements began in the wake of the Colonial
Pipeline hack in May, when that company’s corporate network was shut down by
ransomware, forcing the pipeline to cease operations for several days and
leading to gas shortages on the East Coast.

In late May, TSA issued an initial security directive requiring high-risk
pipelines and natural gas facilities to report cyber incidents to CISA within 12
hours. It also requires the appointment of a cybersecurity coordinator and a
self-assessment of cybersecurity practices.

Victoria Newhouse, deputy assistant administrator for policy, plans and
engagement at TSA, said all covered pipelines are all in compliance with the May
directive.

A second TSA directive in July requires pipelines to take specific actions to
defend against ransomware. That directive has not been released to the public.



During a hearing before the House Transportation Committee last week, Newhouse
said TSA applied lessons from the pipeline effort in developing the new security
directives for rail operators. One of the biggest challenges, she said, is
defining what exactly constitutes a reportable cyber incident.

“We’ve made it more effective, less broad, so it’s an incident that’s reasonably
likely to have a devastating impact on any of their systems,” Newhouse said.

TSA is also directing similar cyber requirements to the aviation sector. The
agency recently updated its standard security program for aviation to require
the appointment of a cybersecurity coordinator and the reporting of cyber
incidents to CISA. Future updates will include requirements for a cybersecurity
self-assessment and cyber incident response plan, DHS officials told reporters
on a background call last week.

“Those four requirements will be in place for our larger airports and aircraft
operators,” a DHS official said.

TSA’s actions have them out ahead of potential new legislative requirements in
multiple sectors. The House version of the fiscal year 2022 National Defense
Authorization Act would set a 72-hour cyber incident reporting requirement for
all critical infrastructure operators. The Senate is considering similar
legislation, but it has yet to pass the annual defense bill.

        Read more: Cybersecurity

But challenges also remain in securing both public and private sector critical
infrastructure, according to Nick Marinos, director of information technology
and cybersecurity at the Government Accountability Office.

“I think that the bottom line is that we are constantly operating behind the
eight ball,” Marinos said. “We have seen consistently in our work that agencies
have had challenges in maintaining very up-to-date sector plans that actually
would talk about the cyber threats that agencies are facing and the
infrastructure is facing today.”

With cybersecurity threats crossing multiple sectors and jurisdiction
boundaries, Marinos stressed the need for a national cyber strategy to address
the growing problem.

“While there is resiliency built in in many ways to physical attacks, the cyber
attacks continue to show us that we need to do more to not only shore up
specific sectors, but the entire nation’s approach to cybersecurity as well,” he
said.

Meanwhile, Congressional Republicans have also pushed back on TSA’s new
cybersecurity mandates. They’ve asked the DHS Inspector General to investigate
how TSA developed the new requirements for pipelines, arguing that the agency
rushed them out the door and did not adequately consult industry experts.

Rep. Brian Babin (R-Texas) acknowledged the federal government has a legitimate
role to play in protecting companies from cyber attacks. But he also argued
cyber intrusions are hard to track and requirements could unintentionally hurt
businesses.

“We’ve got to be extraordinarily careful as lawmakers and as rule makers that we
don’t meddle into something we don’t properly understand and unintentionally
create more bloated regulation or stifle innovation with overly burdensome
requirements that don’t truly secure our infrastructure,” Babin said. “Any
policy we push forward has got to be aggressive, but consistent with our
nation’s founding principles.”

        Sign up for our daily newsletters so you never miss a beat on all things
federal

Newhouse said the agency is responding to those concerns.

“We have heard a number of concerns to ensure that all operators large and small
can apply these cybersecurity measures in effective and efficient manner, so we
do take that into consideration,” she said. “And we continue to elicit feedback.
We’re not just done when we issue the documents. It’s a continuous feedback loop
and improvement and we have to stand committed to that.”

And DHS isn’t done issuing cyber requirements yet either. The directives issued
to both pipelines and rail operators are temporary measures issued under
emergency authority. Next year, officials say DHS will issue a formal rulemaking
to implement a long term plan for strengthening cybersecurity in the
transportation sector.

“The requirements that we’ve gone out with at this point, we feel are very much
baseline requirements that industry should be doing anyway as a matter of best
practice and cyber hygiene,” a senior DHS official told reporters last week.
“But we thought it was important to go out and establish that baseline now. And
we will continue to evaluate going forward necessary and appropriate next
steps.”


Sign up for breaking news.



RELATED STORIES

AP Photo/Manuel Balce Ceneta

CISA LOOKS TO TIE TOGETHER PUBLIC-PRIVATE PARTNERSHIPS THROUGH NEW CYBER
PLANNING OFFICE


Cybersecurity Read more

MAYORKAS OUTLINES WHOLE-OF-DHS RESPONSE BEHIND LATEST CYBER SPRINT


Cybersecurity Read more
(AP Photo/Chris Carlson)

CISA UNDER PRESSURE TO PUT MORE TEETH IN CYBER REQUIREMENTS FOLLOWING COLONIAL
PIPELINE ATTACK


Cybersecurity Read more

Related Topics
All News Brian Babin Colonial Pipeline cyber regulations Cybersecurity
Cybersecurity and Infrastructure Security Agency Department of Homeland Security
Government Accountability Office Nick Marinos ransomware Technology
Transportation Security Administration Victoria Newhouse


COMMENTS




AROUND THE WEB



MAMA BEAR GRABS MAN AFTER HE SAVES HER CUBS

viralsharks
av-override
00:05
/
00:40
Replay






Skip
Ads by


Read More



20 DOG BREEDS YOU SHOULDN'T HAVE IF YOU ARE A NEWBIE

viralsharks.net

20 PICS OF MOVIE SCENES YOU HAD NO IDEA THAT WERE FILMED THIS WAY

newzgeeks.net

FIREFIGHTERS RESCUE PUPPIES FROM GUTTER ONLY TO FIND THEY AREN'T DOGS

viralsharks.net

The content you see here is paid for by the advertiser or content provider whose
link you click on, and is recommended to you by Revcontent. As the leading
platform for native advertising and content recommendation, Revcontent uses
interest based targeting to select content that we think will be of particular
interest to you. We encourage you to view your opt out options in Revcontent's
Privacy Policy


WANT YOUR CONTENT TO APPEAR ON SITES LIKE THIS?

Increase Your Engagement Now!


WANT TO REPORT THIS PUBLISHER'S CONTENT AS MISINFORMATION?

Submit a Report
Got it, thanks!



Or manage your existing subscription





THE LATEST IN GOVERNMENT EVENTS POWERED BY:


1|16 ANME Winter 2022
1|17 San Diego, CA: ITAR / EAR / OFAC...
1|17 Getting Started with License...
View More Events
Post Your Event


FED PHOTO OF THE DAY


AN F/A-18E SUPER HORNET LAUNCHES OFF FLIGHT DECK OF THE USS CARL VINSON



Federal News Network
About FNN
 * News Team
 * Careers
 * Contact Us

Connect
 * Events
 * Press Releases
 * RSS Feeds

Partnerships
 * Advertise
 * Partners & Events
 * Hubbard Radio
 * Insights

Listen
 * Radio Shows
 * Sports
 * WTOP

 * Follow Federal News Network on Facebook
 * Follow Federal News Network on Twitter
 * Follow Federal News Network on Linkedin
 * Follow Federal News Network on Instagram

 * Go Apple's Website to download the APP
 * Go Google's Website to download the APP


 * Terms of Use
 * Copyright/Usage Policy
 * DMCA Notice
 * Privacy Policy
 * Comment Policy
 * EEO Report
 * FCC Online Public Inspection File
 * FCC Applications

Need help accessing the FCC Public File due to a disability? Please contact Kris
Shuldes at kshuldes@hbi.com or 651-642-4336.

Copyright 2022 Hubbard Radio Washington DC, LLC. All rights reserved. This
website is not intended for users located within the European Economic Area.




Update Privacy Preferences
An Elite CafeMedia Publisher