New rules include reporting incidents to CISA and naming cybersecurity leads, but experts and industry representatives cite lack of input.

After issuing cybersecurity requirements for pipeline companies via two directives earlier this year, the Transportation Safety Administration (TSA) will now also issue cybersecurity requirements for rail systems and airport operators. The two pipeline directives followed a high-profile ransomware attack on Colonial Pipeline that shut off oil flow to the East Coast in May, sparking gas shortages and panic buying.

“TSA’s broad responsibilities cover security at our airports, highways, and traffic management systems, pipelines, mass transit terminals and hubs, and subways and metros that carry billions of passengers every year,” Department of Homeland Security (DHS) Secretary Alejandro Mayorkas said in announcing the new regulations yesterday. “Whether by air, land, or sea, our transportation systems are of utmost strategic importance to our national and economic security.”

This article appeared in CSO Online. To read the rest of the article please visit here.

Photo by Iwan Shimko on Unsplash