Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror
×
Security United States Government

US To Tell Critical Rail, Air Companies To Report Hacks, Name Cyber Chiefs (reuters.com) 23

The Transportation Security Administration will introduce new regulations that compel the most important U.S. railroad and airport operators to improve their cybersecurity procedures, Homeland Security Secretary Alejandro Mayorkas said on Wednesday. From a report: The upcoming changes will make it mandatory for "higher-risk" rail transit companies and "critical" U.S. airport and aircraft operators to do three things: name a chief cyber official, disclose hacks to the government and draft recovery plans for if an attack were to occur. The planned regulations come after cybercriminals attacked a major U.S. pipeline operator here, causing localized gas shortages along the U.S. East Coast in May. The incident led to new cybersecurity rules for pipeline owners in July.

"Whether by air, land, or sea, our transportation systems are of utmost strategic importance to our national and economic security," Mayorkas said. "The last year and a half has powerfully demonstrated what's at stake." A key concern motivating the new policies comes from a growth in ransomware attacks against critical infrastructure companies.

This discussion has been archived. No new comments can be posted.

US To Tell Critical Rail, Air Companies To Report Hacks, Name Cyber Chiefs

Comments Filter:
  • Comment removed (Score:5, Insightful)

    by account_deleted ( 4530225 ) on Thursday October 07, 2021 @08:35AM (#61869019)
    Comment removed based on user account deletion
  • To a bureaucratic mindset, more reporting is the answer to all problems.

    Still don't know why these critical devices are connected to the Internet in the first place. Something about convenience? Centralized control? They never heard of private networks?

    It's the Internet of Damn Things.
  • I assume they mean "have".

    Cybersecurity is virtually non-existent across the US private sector:

    1. SCADA devices are open on the Internet
    2. Computers are improperly patched to minimise downtime and Microsoft's systems are a joke
    3. Firewalls are poked full of holes so that the IT manager can sleep in and still monitor what everyone is doing
    4. Password rules result in horribly unsafe password practices
    5. Antivirus strategies are often based on who gives the best discounts rather than the best security
    6. Encrypted drives are all
    • by endus ( 698588 )

      1. Computers are improperly patched to minimise downtime and Microsoft's systems are a joke

      This might be my favorite one. Every single time an IT department starts patching their systems unplanned downtime just *evaporates*.

      Many years ago I worked somewhere that was constantly getting slammed by worms. Huge network, totally flat, oceans of shadow IT, life and death processes being supported, entire environment crippled. At some point, someone finally had the bright idea that maybe they should start patching the enterprise managed infrastructure.

      Enterprise assets instantly disappeared from the

  • If you want industries to clean up their cybersecurity act you need -

    1.) A detailed and comprehensive set of requirements, both technical and organizational, that they must comply with
    2.) A mandatory means of validating compliance with the requirements
    3.) Penalties for noncompliance whose costs outweigh the cost of implementing the security controls

    Without all three of those things this is just a complete waste of everyone's time. It will have no impact whatsoever.

    The fact that the government is asking for

No spitting on the Bus! Thank you, The Mgt.

Working...