TSA Security Directive Update: What it Means for Rail
In late 2023, the Transportation Security Administration (TSA) issued updates to three security directives regulating railroad carriers, as efforts to enhance cyber security of rail transportation systems and infrastructure continues. The revisions aim to further reinforce critical railroad cyber security preparedness and resilience, requiring TSA-specified railroad carriers take action in preventing “disruption and degradation to their infrastructure with a flexible, performance-based approach, consistent with TSA’s requirements”.
A closer look at the revised directives
The October updates were designed to help protect the nation's railroads from cyberattacks and safeguard critical infrastructure, ensuring the safe and reliable transportation of passengers and freight.
Let’s look more closely at the main desired outcomes of the directive updates:
Implement Cybersecurity Incident Response Plan (CIRP) exercise provisions.
Develop a Cybersecurity Assessment Plan.
All cybersecurity incidents must be reported to Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA).
Designate a Cybersecurity Coordinator who will be available to TSA and CISA, 24/7.
In the requirement outlined below, the directive recognises that the path to a comprehensively protected railway system is paved with meticulous planning, collaborative action, and the implementation of security controls. RazorSecure supports the rail industry with tailor-made solutions that translate stringent guidelines like network segmentation and access control into robust operational realities. Continuous monitoring and vulnerability management provide a shield against potential threats, safeguarding your critical infrastructure and passengers. The latest TSA update now sets out specific provisions to:
Establish and implement a TSA-approved Cyber Security Implementation Plan that outlines the specific measures taken, and the schedule for achieving the following outcomes:
Implement network segmentation policies and controls to ensure Operational Technology systems can continue to safely operate if they are compromised.
Implement access control measures to secure and prevent unauthorised access to Critical Cyber Systems.
Implement continuous monitoring and detection policies and procedures to detect cybersecurity threats and correct anomalies that affect Critical Cyber System operations.
Reduce the risk of unpatched systems being exploited by applying security patches and updates for operating systems, applications, drivers, and firmware on Critical Cyber Systems (in a timely manner using a risk-based methodology).
Navigating the Updated TSA Directives: How RazorSecure Can Help
RazorSecure is a leading provider of cyber security solutions for the transportation industry. We work closely with our customers in the development of holistic solutions designed to address their key cyber risks, and support rail owners and operators in achieving compliance with the latest TSA security directives.
Our comprehensive suite of services empowers organisations to effectively mitigate cyber security risks and meet the evolving regulatory landscape. Aligning with the updated TSA directive requirements, RazorSecure's product portfolio enables rail organisations to not only meet their legal obligations, but to do so seamlessly and effectively, and while helping achieve the 100% availability of their rail operations. Our solutions help owners and operators establish the following key controls required by the updated security directives:
Establish a Cyber Security Implementation Plan that includes:
Network segmentation policies and controls
RazorSecure’s Security Gateway is designed specifically to implement segmentation and separation of critical networks on rolling stock, serving as a centralised defence system for the comprehensive protection of public transportation and railroad networks. Security Gateway restricts access to critical systems and prevents unauthorised intrusion, alerting operators to any unauthorised traffic detected. When deployed with RazorSecure’s Delta Intrusion Detection System, wider network activity is also monitored, reliably detecting threats, anomalies, and changes in network configuration throughout the train, safeguarding against malware, ransomware, and other cyberattacks.
Access control measures
RazorSecure’s Digital Maintenance Gateway facilitates secure remote access to critical transportation infrastructure, enabling authorised personnel to perform maintenance and troubleshooting tasks without compromising security. This is achieved through deployment of a dedicated system on-board the train that provides a managed point of access, utilising multi-factor authentication and encryption to safeguard sensitive data, and prevent unauthorised access.
Continuous monitoring and detection policies
RazorSecure's Delta intrusion detection system is designed to continuously monitor the behaviour of both wayside and on-board systems, providing comprehensive host and network traffic analysis and real-time threat detection capabilities. The solution enables organisations to identify and classify malicious activity, help to prevent cyberattacks, and safeguard critical infrastructure. With deep insights into network traffic patterns, a wide range of threats are detected and prevented, including malware, phishing attacks, zero day attacks and unauthorised access attempts.
Delta's real-time threat detection capabilities provide organisations with immediate notification of potential cyberattacks, detecting behavioural anomalies and using machine learning algorithms to identify and classify malicious activity in real-time. This enables organisations to take immediate action to mitigate threats and prevent breaches.
Application of security patches and updates on Critical Cyber Systems
Data collected by RazorSecure's Edge agent creates a detailed and automated inventory of operational systems including software and configuration versions, facilitating the identification of vulnerabilities and prioritisation of patch deployment. RazorSecure's Digital Maintenance Gateway allows engineers to roll out patches and updates efficiently and securely, with built in processes for approval and auditing.
Summary
Superseding the previous TSA security directives, the latest updates are another step forward in protecting the nation's railroads from cyberattacks, demonstrating that cybersecurity regulations will remain a significant factor for consideration. By implementing the required measures, rail owners and operators are effectively addressing the challenges of the evolving threat landscape, while playing their part in protecting our nation's critical infrastructure and the people they serve. Public transportation and railroad organisations are encouraged to review the updated directives carefully and to take all necessary steps to comply with the new requirements.
RazorSecure is committed to helping rail organisations protect their critical infrastructure while complying with rail cybersecurity standards and regulations such as the latest TSA security directives. Contact us to discuss how our solutions can be matched to your unique challenges, or to further understand the innovation of our technology, reach out to our team for a demo.