Christopher Bing

(Reuters) -The Transportation Security Administration is introducing new regulations which will require U.S. airport and railroad operators to enhance their cybersecurity procedures. This was announced by Alejandro Mayorkas, Homeland Security Secretary.

It will be mandatory that “higher-risk” U.S. railway transit companies as well “critical” U.S. aircraft and operator operators do the following: Name and disclose hackers to the government, prepare recovery plans should an attack occur and name and describe a chief cybersecurity official.

The planned regulations come after cybercriminals attacked a major U.S. pipeline operator https://www.reuters.com/business/colonial-pipeline-ceo-tells-senate-cyber-defenses-were-compromised-ahead-hack-2021-06-08, causing localized gas shortages along the U.S. East Coast in May. New cybersecurity rules were established for pipeline owners following the incident in July.

Mayorkas stated that “whether by land or air, our transport systems are of the utmost strategic significance to our national security and economic stability.” “The last year and a half has powerfully demonstrated what’s at stake.”

The ransomware attacks that are targeting critical infrastructure firms have been a key factor in the development of these policies.

“It’s the first of its kind with respect to the cyber focus,” said a senior homeland security official, who declined to be named, about the railway security directive and an update to aviation security programs.

Ransomware is a malware type that locks down a computer system and demands payment in cryptocurrency. It has been increasing in popularity in recent years.

“If transportation does not work, if people can’t go from A to B, then it can create pressure pretty quickly [to pay the ransom]The senior official said,

The announcement also follows reports in June https://www.nytimes.com/2021/06/02/nyregion/mta-cyber-attack.html of a Chinese hacking group infiltrating New York City’s Metropolitan Transportation Authority and an August 2020 ransomware attack https://www.inquirer.com/transportation/septa-malware-attack-employees-riders-app-announcements-20200824.html against the Southeastern Pennsylvania Transportation Authority, causing a disruption to services.

Together with federal agencies including the FBI and Homeland Security Department, they investigated the MTA-related incident.

According to a senior official, last month the TSA informed the private sector of the imminent regulations. The agency currently receives feedback.

These regulations will be in effect by the end 2021.