2021 Trends Show Increased Globalized Threat of Ransomware

In 2021, cybersecurity authorities in the United States, Australia, and the United Kingdom observed an increase in sophisticated, high-impact ransomware incidents against critical infrastructure organizations globally. The Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the National Security Agency (NSA) observed incidents involving ransomware against 14 of the 16 U.S. critical infrastructure sectors, including the Defense Industrial Base, Emergency Services, Food and Agriculture, Government Facilities, and Information Technology Sectors. The Australian Cyber Security Centre (ACSC) observed continued ransomware targeting of Australian critical infrastructure entities, including in the Healthcare and Medical, Financial Services and Markets, Higher Education and Research, and Energy Sectors. The United Kingdom’s National Cyber Security Centre (NCSC-UK) recognizes ransomware as the biggest cyber threat facing the United Kingdom. Education is one of the top UK sectors targeted by ransomware actors, but the NCSC-UK has also seen attacks targeting businesses, charities, the legal profession, and public services in the Local Government and Health Sectors.

Ransomware tactics and techniques continued to evolve in 2021, which demonstrates ransomware threat actors’ growing technological sophistication and an increased ransomware threat to organizations globally.

This joint Cybersecurity Advisory—authored by cybersecurity authorities in the United States, Australia, and the United Kingdom—provides observed behaviors and trends as well as mitigation recommendations to help network defenders reduce their risk of compromise by ransomware.


TXOne Networks Publishes In-Depth Analysis of Vulnerabilities Affecting Industrial Control Systems

TXOne Networks, a global leader in OT zero trust and Industrial IoT (IIoT) security, has published its 2021 Cybersecurity Report which focuses on the vulnerabilities that can affect ICS environments. TXOne Networks' threat researchers conducted in-depth analysis of ICS-affecting vulnerabilities using the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK) for ICS, a globally-accessible knowledge base of adversary tactics and techniques found in cyber attacks on ICS environments. The results of this Cybersecurity Report enable TXOne Networks to show cyber threat and research trends from 2021 and previous years that will affect the industrial control system (ICS) environment in 2022. One important observation from the report is that cyber attacks on critical infrastructure can be resisted and made significantly easier to repel by applying the OT zero trust methodology, which includes device inspection, preserving critical applications and services, network segmentation, and virtual patching.

The focus of TXOne Networks' Cybersecurity Report lies especially on the analysis of so-called Common Vulnerabilities and Exposures (CVEs) that can affect ICS environments. These industry-critical vulnerabilities are identified each year by the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT). The MITRE ATT&CK for ICS matrix used by TXOne Networks gives an overview of "tactics" (malicious actors' goals during an attack) as well as the specific "techniques" malicious actors will use to accomplish their goals.

2021's ICS-CERT advisories

ICS-CERT advisories are published when an ICS vulnerability is released that attackers could use to cause harm. According to the Cybersecurity Report, the number of advisories dramatically increased in 2021. There were 389 advisories published, which, compared with 2020's number of 249, shows the largest year-to-year growth in the history of the ICS-CERT program. The ever-increasing number of CVEs affecting ICS environments highlights the near-impossibility of comprehensively addressing each specific vulnerability.

2021 also saw fundamental changes in the methods favored by cyber attackers, as well as more advanced and destructive supply chain attacks than ever before. Known recently-active ransomware groups include Maze, Lockbit, REvil, and DarkSide, though their activity levels can vary.

CVEs affecting ICS environments

By taking a closer look at vulnerabilities in ICS-CERT advisories from 2017 to 2021 classified by affected sector, a huge spike in vulnerabilities affecting Critical Manufacturing clearly stands out - 59.8% of CVEs identified in 2021 advisories are considered critical or high-risk.

While Critical Manufacturing is obviously in the lead, the Cybersecurity Report also shows a spike in CVEs which can be used to affect multiple sectors. Both attackers and researchers are likely to take more interest in these kinds of vulnerabilities in 2022 and 2023, because attackers can potentially exploit the same vulnerability across different kinds of operational environments.

"Our analysis of the 613 CVEs identified in advisories in 2021 that are likely to affect Critical Manufacturing environments shows that 88.8% of them might be leveraged by attackers to create an impact and cause varying degrees of disruption to ICS equipment and the environment," said Dr. Terence Liu, CEO of TXOne Networks. "For ICS environments, impact is a critical concern that includes damage or disruption to finances, safety, human lives, the environment, and equipment."

Supply Chain and Work Site Security

According to the Cybersecurity Report, while ICS-CERT shows information about CVEs that is immediately useful and necessary, it might be missing some information that can streamline the process of addressing them. More complete information provided by the National Vulnerability Database (NVD) can be critical in the creation of Software Bills of Materials (SBOMs) and the prevention of supply chain attacks, but almost 25% of CVEs take more than 3 months to reach this stage of documentation.

This underscores some crucial points. First, from a security point of view, no organization can depend on one source for cybersecurity information. In other words, ICS cybersecurity is a group effort that can't be effectively accomplished without comparing multiple sources of information. Second, due to an extended timeline for information availability, organizations can't rely on vendor patches or even released research to secure operations.

Germany Broadens Definition of ‘Critical Infrastructures’

The second amendment of the Ordinance on the Designation of Critical Infrastructures under the BSI Act entered into effect on January 1, 2022. Such amendment broadens the definition of “critical infrastructures,” which are of particular relevance for Germany’s foreign direct investment screening regime.

This amendment follows the latest update (the 17th amendment) to the Foreign Trade and Payments Ordinance (Außenwirtschaftsverordnung, AWV) which entered into effect on May 1, 2021. Such amendment materially expanded the catalogue of sectors of particular relevance to Germany’s order and security[1] and introduced more differentiated thresholds.

In addition, since May 28, 2021, a mandatory foreign direct investment (FDI) filing is triggered if the German target business develops or manufactures certain IT components which are used in critical infrastructures (so-called critical components).

The second amendment of the Ordinance on the Designation of Critical Infrastructures under the BSI Act (BSI-KritisV or Law) comprehensively revises the definitions and thresholds required to designate critical infrastructures (energy, water, nutrition, IT and telecommunication, health, finance and insurance, and transport and traffic). The following amendments of the Law will likely have the most significant impact on German FDI screening, further increasing the number of notifications to the German Ministry of Economics and Climate Action:

- Definition of a “Facility”: The concept of a “facility” is generally an essential prerequisite for the assumption of a critical infrastructure under the BSI-KritisV. In addition to premises and other fixed installations, machinery, equipment, and other mobile installations, the updated “facility” definition now also explicitly includes software and IT services necessary for the provision of a critical service for the operation of a critical infrastructure. Relevant software and IT services do not need to be specially developed for the operation of critical infrastructures to fall in the scope of the updated “facility” definition. This may result in third-party IT and software service providers being designated as operators of a critical infrastructure.
- Energy Sector: The thresholds for power plants to be considered a critical infrastructure were lowered from 420 megawatts to 104 megawatts. Further, the updated BSI-KritisV introduces new categories of facilities (trading systems and facilities relevant for the trade of gas or petroleum) and also lowers the existing threshold for trading systems and facilities relevant for the trade of electricity from 200 terawatt-hours to 3.7 terawatt-hours per year.
- IT and Telecommunication Sector: The Law reduces the existing thresholds for internet exchange points (IXPs)—number of connected autonomous systems (annual average)—from 300 to 100, as well as the thresholds for computer centers/housing—contractually agreed installed power in megawatts—from 5 megawatts to 3.5 megawatts.
- Health Sector: The Law introduces a new facility category, the so-called “laboratory information network”. A laboratory information network is a network of facilities or systems that provide IT services for diagnosis and therapy control in human medicine for at least one laboratory.
- Finance and Insurance Sector: The Law introduces new facility categories related to the trading in securities and derivatives. These concern systems for generating orders for trading securities and derivatives and forwarding them to a trading venue exceeding 6,750,000 transactions per year; trading systems (as defined in Article 4 number 24 of Directive 2014/65/EU) exceeding 850,000 transactions per year; and other depository management systems exceeding 6,750,000 transactions per year.
- Transport Sector: The Law introduces new facility categories—for instance, air and port traffic control centers, port information systems, and others.

The amendment of the Law will increase the number of businesses designated to be operators of a critical infrastructure. The Federal Ministry of Interior and Community estimated in this respect that the number of operators of critical infrastructures will increase from a total of approximately 1,600 to a total of approximately 1,870.

Operators of critical infrastructures are primarily subject to the obligations of the BSI-KritisV, in particular, notification of IT security breaches. In addition, the broadened definition of critical infrastructures may increase the number of mandatory notifiable transactions under the German FDI provisions. Foreign investors should therefore factor this into their diligence efforts when considering the acquisition of voting rights in German domiciled companies.

[Source: Morgan Lewis]

Recommendations for the Implementation of an EU Strategy on Technology Infrastructures

As technology infrastructures (TIs) are critical enablers for the European research, development and innovation ecosystems, the European Commission’s Joint Research Centre (JRC) and the European Association of Research and Technology Organisations (EARTO) recommend a pan-European, agile and sustainable environment for their development, accessibility and governance, within the framework of a dedicated EU strategy.

The key role of TIs in RD&I Ecosystems

TIs are (physical or virtual) facilities and equipment, such as demonstrators, testbeds, piloting facilities and living labs, capable of building bridges between science and the market.

They are mostly created, managed, maintained and upgraded by not-for-profit Research Performing Organisations (mainly Research and Technology Organisations – RTOs, and Technical Universities – TUs), which require dedicated and significant resources and competences.

TIs are open to a wide range of public and private users, large and small, collaborating with TI managers to jointly develop and integrate innovative technologies into new products, processes, and services.

Examples of technology infrastructures include facilities to develop electrolyser stacks, biogas plants, clean-room facilities for chip production, test areas for automated shipping or road traffic safety solutions, wind tunnels, testbeds for multi-functional nano-composites, multi-material 3D printing, thermo-plastics and industrial robotics.

Technology Infrastructures are major building blocks for Europe to deliver on its ambitions of making successful transitions to a sustainable, digital and resilient industry and society.

Industry’s innovation capacity, productivity and international competitiveness heavily depend on possibilities to develop, test, validate and upscale new technological solutions at an ever-faster pace.

Towards an EU strategy for technology infrastructures

A European Commission Staff Working Document on TIs published in 2019 recommended the development of an EU Strategy for Technology Infrastructures building on the experience and the framework of the European Strategy for Research Infrastructures (ESFRI) with its own specificities.

In this context, the JRC and EARTO launched a joint project on TIs to gather evidence and highlight the common specificities of TIs across Europe, assess the challenges they face over their whole lifecycle, and identify how their capacity could be further leveraged.

The JRC and EARTO have just published an analysis of the main strategic elements that would ensure an effective and sustainable management of an integrated landscape for TIs at the European level:

  • Combining and completing the existing repositories and mappings of TIs at EU level, covering both TIs’ locations and the services and facilities they offer, could be used to enable a better understanding of the TIs’ landscape by policymakers and users, foster accessibility to TIs, and create connections between complementary TIs.
  • Roadmapping of future needs for capital expenditure (CAPEX) investments in TIs should be organised with a sectorial value-chain and bottom-up approach, with the involvement of TIs’ stakeholders, by identifying the future needs for TIs in existing roadmaps linked to current EU instruments and actions (e.g. European Partnerships, European Research Area (ERA) Industrial Technology Roadmaps).
  • Setting up a mechanism to draw from sectorial roadmaps and prioritise investments in TIs at European level and/or to coordinate and synchronise national/regional TIs’ roadmaps in strategic sectors would be valuable to maximise the use of public funds.
  • Creating an agile Advisory Board will be necessary to operationalise the prioritisation of investments and the coordination of national/regional TIs’ roadmaps. The board should be composed of Member States experts responsible for TIs within national ministries, as well as relevant stakeholders including RTOs, technical universities, and industry (large and small).
  • TIs need to be developed and upgraded at the same fast pace as the technologies and the products that are developed and tested. A strengthened and clearer pathway of grant-based public support for CAPEX investments for the creation and upgrade of TIs, as well as creating synergies for more structural support at European, national, and regional levels would be essential, as the current funding landscape is very scattered. The support for the creation of new TIs should be designed in complementarity with the support for the upgrade of existing ones, taking a balanced approach between the two.
  • Pan-European accessibility to TIs should be facilitated by fostering the use of TIs in competitively funded projects at EU level, defining harmonised principles for access to TIs, and adopting a one-stop-shop approach in specific value-chains.
  • Creating thematic networks of TIs with a value-chain approach would enable to better integrate and structure the European landscape for TIs, foster capacity building across regions, and spread excellence and expertise to overcome the European innovation divide. Dedicated support and funding for network orchestration activities is needed to explore the full potential of TIs’ networks.

Deputy Secretary General stresses NATO will continue to increase Ukraine’s cyber defences

Deputy Secretary General Mircea Geoană participated virtually at the Cybersec Global 2022 event. Focusing on the tensions between Russia and Ukraine during his keynote speech, the Deputy Secretary General stressed that NATO has been working with Ukraine for years to increase its cyber defences, and will continue to do so at pace.

He said: “The use of hybrid attacks against Ukraine, including cyber-attacks and disinformation, as well as the massing of advanced weapons on its borders, underlines the key role of advanced technology in modern warfare”.

The Deputy Secretary General pointed out that “China and Russia are investing heavily and deploying new technologies with little regard for human rights or international law, aggressively challenging our technological edge”. He recalled that last summer Allies had agreed a new comprehensive cyber defence policy for NATO and went on to say that “we are strengthening our cyber defences and increasing the resilience of our critical infrastructure and supply chains to reduce our vulnerabilities”.

The Deputy Secretary General also noted NATO’s leading role with regard to the new technologies, in areas such as artificial intelligence, autonomous systems, biotechnology, big data, hypersonics, quantum computing and space. He underlined that to avoid any technology gaps, “we are making sure that transatlantic innovation benefits all Allies”. Mr. Geoană emphasized that NATO’s strength comes from its unity and its ability to adapt to remain strong and “retaining our technological edge is a big part of this”, he added.

CISA Urges Organizations to Implement Immediate Cybersecurity Measures to Protect Against Potential Threats

In response to recent malicious cyber incidents in Ukraine—including the defacement of government websites and the presence of potentially destructive malware on Ukrainian systems—CISA has published CISA Insights: Implement Cybersecurity Measures Now to Protect Against Potential Critical Threats. The CISA Insights strongly urges leaders and network defenders to be on alert for malicious cyber activity and provides a checklist of concrete actions that every organization—regardless of sector or size—can take immediately to:

- Reduce the likelihood of a damaging cyber intrusion,
- Detect a potential intrusion,
- Ensure the organization is prepared to respond if an intrusion occurs, and
- Maximize the organization’s resilience to a destructive cyber incident.

CISA urges senior leaders and network defenders to review the CISA Insights and implement the cybersecurity measures on the checklist.

Artificial Intelligence: How to make Machine Learning Cyber Secure

Machine learning (ML) is currently the most developed and the most promising subfield of artificial intelligence for industrial and government infrastructures. By providing new opportunities to solve decision-making problems intelligently and automatically, artificial intelligence (AI) is applied in almost all sectors of our economy.

While the benefits of AI are significant and undeniable, the development of AI also induces new threats and challenges, identified in the ENISA AI Threat Landscape.

How to prevent machine learning cyberattacks? How to deploy controls without hampering performance? The European Union Agency for Cybersecurity answers the cybersecurity questions of machine learning in a new report recently published.

Machine learning algorithms are used to give machines the ability to learn from data in order to solve tasks without being explicitly programmed to do so. However, such algorithms need extremely large volumes of data to learn. And because they do, they can also be subjected to specific cyber threats.

The Securing Machine Learning Algorithms report presents a taxonomy of ML techniques and core functionalities. The report also includes a mapping of the threats targeting ML techniques and the vulnerabilities of ML algorithms. It provides a list of relevant security controls recommended to enhance cybersecurity in systems relying on ML techniques. One of the challenges highlighted is how to select the security controls to apply without jeopardising the expected level of performance.

The mitigation controls for ML specific attacks outlined in the report should in general be deployed during the entire lifecycle of systems and applications making use of ML.

Machine Learning Algorithms Taxonomy

Based on desk research and interviews with the experts of the ENISA AI ad-hoc working group, a total of 40 most commonly used ML algorithms were identified. The taxonomy developed is based on the analysis of such algorithms.

The non-exhaustive taxonomy devised is to support the process of identifying which specific threats target ML algorithms, what are the associated vulnerabilities and the security controls needed to address those vulnerabilities.

The EU Agency for Cybersecurity continues to play a bigger role in the assessment of Artificial Intelligence (AI) by providing key input for future policies. The Agency takes part in the open dialogue with the European Commission and EU institutions on AI cybersecurity and regulatory initiatives to this end.

ESF Members, NSA and CISA publish the fourth installment of 5G cybersecurity guidance

The National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) published the fourth installment on securing integrity of 5G cloud infrastructures, Ensure Integrity of Cloud Infrastructure. As 5G networks and devices continue to increase in popularity, the importance of platform security to harden your systems against malicious cyber activity and persistence is apparent.

This guidance has been created by the Critical Infrastructure Partnership Advisory Council (CIPAC) Cross Sector Enduring Security Framework (ESF) Working Group - a public-private working group led by NSA and CISA, that provides cybersecurity guidance addressing high priority threats to the nation’s critical infrastructure.

Ensure Integrity of Cloud Infrastructure provides guidance on platform integrity, build time security, launch time integrity, and micro services infrastructure integrity. An industry trend has been to deploy stand-alone 5G core using virtualized functions of micro services on an architecture that provides rapid enablement of services. It is imperative for device and system security that the underlying 5G cloud infrastructure platform on which micro services are deployed, or orchestrated, have been designed and built securely and continue operating as intended.

"A secure 5G core requires cybersecurity mitigations that are implemented at the foundation level and carried forward," said Jorge Laurel, NSA Project Director for ESF. "A secure underlying foundation ensures the services deployed on the network are done so on a secure infrastructure, which further strengthens the security of data across the network."

“The document provides actionable advice for 5G operators,” said Neal Ziring, NSA Cybersecurity Technical Director. “The fourth installment in the series covers an essential topic: integrity. Integrity is the most fundamental security property, and ensuring integrity from base hardware up through the software stack is critical for maintaining trustworthy 5G services.”

“The issues facing the cloud community, such as lateral movement to pod security and infrastructure integrity, are complex as are their solutions,” said Alaina Clark, Assistant Director of Stakeholder Engagement, CISA. “This series demonstrates the value of collaboration, spotlighting several cyber best practices that cloud providers, mobile network operators, and customers alike can implement for long-term security benefits. With our ESF government and industry associates, CISA will continue working with the Cloud and 5G communities to secure our Nation’s network infrastructure through partnership efforts like this.”

CISA Issue Apache Log4j Vulnerability Guidance

CISA and its partners, through the Joint Cyber Defense Collaborative, are responding to active, widespread exploitation of a critical remote code execution (RCE) vulnerability (CVE-2021-44228) in Apache’s Log4j software library, versions 2.0-beta9 to 2.14.1, known as "Log4Shell" and "Logjam." Log4j is very broadly used in a variety of consumer and enterprise services, websites, and applications—as well as in operational technology products—to log security and performance information. An unauthenticated remote actor could exploit this vulnerability to take control of an affected system.

Apache released Log4j version 2.15.0 in a security update to address the CVE-2021-44228 vulnerability. However, in order for the vulnerability to be remediated in products and services that use affected versions of Log4j, the maintainers of those products and services must implement this security update. Users of such products and services should refer to the vendors of these products/services for security updates. Given the severity of the vulnerability and the likelihood of an increase in exploitation by sophisticated cyber threat actors, CISA urges vendors and users to take the following actions.

Vendors

- Immediately identify, mitigate, and patch affected products using Log4j.
- Inform your end users of products that contain this vulnerability and strongly urge them to prioritize software updates.

Affected Organizations

In addition to the immediate actions—to (1) enumerate external-facing devices that have Log4j, (2) ensure your SOC actions alerts on these devices, and (3) install a WAF with rules that automatically update—as noted in the box above, review CISA's upcoming GitHub repository for a list of affected vendor information and apply software updates as soon as they are available. See Actions for Organizations Running Products with Log4j below for additional guidance. Note: CISA has added CVE-2021-44228 to the Known Exploited Vulnerabilities Catalog, which was created according to Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities. In accordance with BOD 22-01, federal civilian executive branch agencies must mitigate CVE-2021-44228 by December 24, 2021.

Technical Details

This RCE vulnerability—affecting Apache’s Log4j library, versions 2.0-beta9 to 2.14.1—exists in the action the Java Naming and Directory Interface (JNDI) takes to resolve variables. According to the CVE-2021-44228 listing, affected versions of Log4j contain JNDI features—such as message lookup substitution—that "do not protect against adversary-controlled LDAP [Lightweight Directory Access Protocol] and other JNDI related endpoints."

An adversary can exploit this vulnerability by submitting a specially crafted request to a vulnerable system that causes that system to execute arbitrary code. The request allows the adversary to take full control over the system. The adversary can then steal information, launch ransomware, or conduct other malicious activity.

Actions for Organizations Running Products with Log4j

CISA recommends affected entities:

- Review Apache’s Log4j Security Vulnerabilities page for additional information and, if appropriate, apply the provided workaround:
  - In releases >=2.10, this behavior can be mitigated by setting either the system property log4j2.formatMsgNoLookups or the environment variable LOG4J_FORMAT_MSG_NO_LOOKUPS to true.
  - For releases from 2.7 through 2.14.1 all PatternLayout patterns can be modified to specify the message converter as %m{nolookups} instead of just %m.
  - For releases from 2.0-beta9 to 2.7, the only mitigation is to remove the JndiLookup class from the classpath: zip -q -d log4j-core-*.jar org/apache/logging/log4j/core/lookup/JndiLookup.class.
- Apply available patches immediately. See CISA's upcoming GitHub repository for known affected products and patch information.
  - Prioritize patching, starting with mission critical systems, internet-facing systems, and networked servers. Then prioritize patching other affected information technology and operational technology assets.
  - Until patches are applied, set log4j2.formatMsgNoLookups to true by adding -Dlog4j2.formatMsgNoLookups=True to the Java Virtual Machine command for starting your application. Note: this may impact the behavior of a system’s logging if it relies on Lookups for message formatting. Additionally, this mitigation will only work for versions 2.10 and above.
  - As stated above, BOD 22-01 directs federal civilian agencies to mitigate CVE-2021-44228 by December 24, 2021, as part of the Known Exploited Vulnerabilities Catalog.
- Conduct a security review to determine if there is a security concern or compromise. The log files for any services using affected Log4j versions will contain user-controlled strings.
  - Consider reporting compromises immediately to CISA and the FBI.
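The version-dependent workarounds above lend themselves to an inventory check. The following Python script is an added example, not code from CISA or Apache: it finds log4j-core jars under a directory, reads the version from the file name, checks whether JndiLookup.class is still in the archive, and lists the workarounds the guidance gives for that version range. The function names, status labels and sample jars are constructed for illustration; jars nested inside other archives are not inspected.

```python
import re
import tempfile
import zipfile
from pathlib import Path

# Class the guidance says to delete on releases that have no other workaround.
JNDI_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
# Matches log4j-core-2.14.1.jar, log4j-core-2.3.jar, log4j-core-2.0-beta9.jar.
JAR_RE = re.compile(
    r"^log4j-core-(\d+)\.(\d+)(?:\.(\d+))?(?:-(alpha|beta|rc)(\d+))?\.jar$")


def parse_version(jar_name):
    """Return (major, minor, patch, qualifier, qualifier_number) or None."""
    m = JAR_RE.match(jar_name)
    if not m:
        return None
    major, minor, patch, qual, qnum = m.groups()
    return (int(major), int(minor), int(patch or 0), qual or "", int(qnum or 0))


def is_affected(v):
    """True for 2.0-beta9 through 2.14.1, the range stated in the guidance."""
    major, minor, patch, qual, qnum = v
    if (major, minor, patch) == (2, 0, 0) and qual:
        # 2.0 pre-releases: alpha and beta1..beta8 predate 2.0-beta9.
        return qual == "rc" or (qual == "beta" and qnum >= 9)
    return (2, 0, 0) <= (major, minor, patch) <= (2, 14, 1)


def workarounds(v):
    """Workarounds the guidance lists for this version (ranges read inclusively)."""
    if not is_affected(v):
        return []
    core, out = v[:3], []
    if core >= (2, 10, 0):
        out.append("set log4j2.formatMsgNoLookups or LOG4J_FORMAT_MSG_NO_LOOKUPS to true")
    if core >= (2, 7, 0):
        out.append("use %m{nolookups} instead of %m in PatternLayout patterns")
    if core <= (2, 7, 0):
        out.append("remove JndiLookup.class from the jar")
    return out


def scan(root):
    """Inventory log4j-core jars under root and classify each one."""
    findings = []
    for jar in sorted(Path(root).rglob("log4j-core-*.jar")):
        version = parse_version(jar.name)
        if version is None:
            continue  # sources/tests jars or unexpected naming
        try:
            with zipfile.ZipFile(jar) as zf:
                has_jndi = JNDI_CLASS in zf.namelist()
        except zipfile.BadZipFile:
            has_jndi = None  # cannot inspect; needs manual review
        if not is_affected(version):
            status = "not-in-affected-range"
        elif has_jndi is None:
            status = "unreadable"
        elif has_jndi:
            status = "needs-action"
        else:
            status = "class-removed"
        todo = [] if status == "class-removed" else workarounds(version)
        findings.append({"jar": jar.name, "path": str(jar),
                         "status": status, "workarounds": todo})
    return findings


def build_sample_tree(root):
    """Create constructed sample jars (empty class entries) for the demo."""
    samples = {
        "app/lib/log4j-core-2.14.1.jar": True,
        "legacy/log4j-core-2.3.jar": False,   # class already removed with zip -d
        "legacy/log4j-core-2.7.jar": True,
        "new/log4j-core-2.15.0.jar": True,
        "old/log4j-core-2.0-beta8.jar": False,
    }
    for rel, with_jndi in samples.items():
        path = Path(root) / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        with zipfile.ZipFile(path, "w") as zf:
            zf.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n")
            if with_jndi:
                zf.writestr(JNDI_CLASS, b"")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for f in scan(tmp):
            print(f["jar"], f["status"], "; ".join(f["workarounds"]))
```

A jar reported as not-in-affected-range or class-removed still warrants the security review described above if it ran an affected version while exposed.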

DHS Announces New Cybersecurity Requirements for Surface Transportation Owners and Operators

DHS’s Transportation Security Administration (TSA) has announced two new Security Directives and additional guidance for voluntary measures to strengthen cybersecurity across the transportation sector in response to the ongoing cybersecurity threat to surface transportation systems and associated infrastructure. These actions are among several steps DHS is taking to increase the cybersecurity of U.S. critical infrastructure.

“These new cybersecurity requirements and recommendations will help keep the traveling public safe and protect our critical infrastructure from evolving threats,” said Secretary of Homeland Security Alejandro N. Mayorkas. “DHS will continue working with our partners across every level of government and in the private sector to increase the resilience of our critical infrastructure nationwide.”

TSA is increasing the cybersecurity of the transportation sector through Security Directives, appropriately tailored regulations, and voluntary engagement with key stakeholders. In developing its approach, including these new Security Directives, TSA sought input from industry stakeholders and federal partners, including the Department’s Cybersecurity and Infrastructure Security Agency (CISA), which provided expert guidance on cybersecurity threats to the transportation network and countermeasures to defend against them.

The TSA Security Directives announced today target higher-risk freight railroads, passenger rail, and rail transit, based on a determination that these requirements need to be issued immediately to protect transportation security. These Directives require owners and operators to:

- designate a cybersecurity coordinator;
- report cybersecurity incidents to CISA within 24 hours;
- develop and implement a cybersecurity incident response plan to reduce the risk of an operational disruption; and,
- complete a cybersecurity vulnerability assessment to identify potential gaps or vulnerabilities in their systems.

TSA is also releasing guidance recommending that all other lower-risk surface transportation owners and operators voluntarily implement the same measures. Further, TSA recently updated its aviation security programs to require that airport and airline operators implement the first two provisions above. TSA intends to expand the requirements for the aviation sector and issue guidance to smaller operators. TSA also expects to initiate a rule-making process for certain surface transportation entities to increase their cybersecurity resiliency.

These efforts are part of a series of new steps to prioritize cybersecurity across DHS. Secretary Mayorkas first outlined his vision for the Department’s cybersecurity priorities in March, which included a series of focused 60-day sprints designed to elevate existing work, remove roadblocks to progress, and launch new initiatives and partnerships to achieve DHS’s cybersecurity mission and implement Biden-Harris Administration priorities. To learn more about the sprints, please visit www.dhs.gov/cybersecurity.
