U.S. to tell critical rail, air companies to report hacks, name cyber chiefs – Reuters

White House Press Secretary Jen Psaki listens as U.S. Secretary of Homeland Security Alejandro Mayorkas speaks about an investigation into the treatment of Haitian migrants on the U.S.-Mexican border, during the daily briefing in the Brady Press Briefing Room at the White House in Washington, U.S., September 24, 2021. REUTERS/Evelyn Hockstein
Oct 6 (Reuters) – The Transportation Security Administration will introduce regulations that compel the most important U.S. railroad and airport operators to improve their cybersecurity procedures, Homeland Security Secretary Alejandro Mayorkas said on Wednesday.
The upcoming changes will make it mandatory for "higher-risk" rail transit companies and "critical" U.S. airport and aircraft operators to do three things: name a chief cyber official, disclose hacks to the government and draft recovery plans for if an attack were to occur.
The planned regulations come after cybercriminals attacked a major U.S. pipeline operator, causing localized gas shortages along the U.S. East Coast in May. The incident led to new cybersecurity rules for pipeline owners in July.
"Whether by air, land, or sea, our transportation systems are of utmost strategic importance to our national and economic security," Mayorkas said. "The last year and a half has powerfully demonstrated what’s at stake."
A key concern motivating the new policies comes from a growth in ransomware attacks against critical infrastructure companies.
"It’s the first of its kind with respect to the cyber focus," said a senior homeland security official, who declined to be named, about the railway security directive and an update to aviation security programs.
Rafail Portnoy, Chief Technology Officer with the New York City Metropolitan Transportation Authority said it is "constantly vigilant against this global threat, and will ensure compliance with any TSA regulations."
The industry group Airlines for America said the issue is important to them and noted they already work closely with the TSA and other agencies on cyber security and noted they want to "reduce any potential duplicative reporting."
Ransomware, a type of malware variant that encrypts a victimized system until the owner pays a ransom in the form of cryptocurrency to the hacker, has become increasingly common in recent years.
"If transportation does not work, if people can’t go from A to B, then it can create pressure pretty quickly (to pay the ransom)," said the senior official.
The announcement also follows reports in June of a Chinese hacking group infiltrating New York City’s Metropolitan Transportation Authority and an August 2020 ransomware attack against the Southeastern Pennsylvania Transportation Authority, causing a disruption to services.
The Homeland Security Department helped investigate the MTA incident alongside other federal agencies, including the FBI.
Last month, the TSA notified the private sector about the impending regulations, said the senior official, and the agency is currently receiving feedback.
The regulations will become active before the end of 2021.
Our Standards: The Thomson Reuters Trust Principles.
Subscribe for our daily curated newsletter to receive the latest exclusive Reuters coverage delivered to your inbox.
Samsung Electronics Co Ltd said on Friday its third-quarter operating profit likely rose 28% to the highest in three years, driven by rising memory chip prices and display sales for smartphone makers' new flagship launches.
Reuters, the news and media division of Thomson Reuters, is the world’s largest multimedia news provider, reaching billions of people worldwide every day. Reuters provides business, financial, national and international news to professionals via desktop terminals, the world's media organizations, industry events and directly to consumers.
Build the strongest argument relying on authoritative content, attorney-editor expertise, and industry defining technology.
The most comprehensive solution to manage all your complex and ever-expanding tax and compliance needs.
The industry leader for online information for tax, accounting and finance professionals.
Information, analytics and exclusive news on financial markets – delivered in an intuitive desktop and mobile interface.
Access to real-time, reference, and non-real time data in the cloud to power your enterprise.
Screen for heightened risk individual and entities globally to help uncover hidden risks in business relationships and human networks.
All quotes delayed a minimum of 15 minutes. See here for a complete list of exchanges and delays.
© 2021 Reuters. All rights reserved

source