Cybersecurity Regulations for Passenger and Freight Railroads Renewed by TSA

The Transportation Security Administration (TSA) has renewed cybersecurity directives for passenger and freight railroad carriers. The directives require operators to test their cybersecurity incident response plans annually, submit updated cybersecurity assessment plans, and report on the effectiveness of their efforts. Carriers are also required to implement network segmentation policies, access control measures, detection policies for cyber threats, and timely patching or updating processes. The rules aim to strengthen cybersecurity measures in the rail industry, which has experienced cyberattacks in recent years. The TSA has worked with other agencies to develop these regulations, and they have been revised to be more performance-based. The renewal extends the rules for another year.