The freight railroad industry is being held to a new standard. A Transportation Security Administration (TSA)-issued directive went into effect Dec. 31 requiring various cybersecurity enhancements. Recent incidents led the agency to issue similar directives to protect oil and the natural gas industries. In expanding the directive to the freight railroads, the agency seeks to subdue the “ongoing cybersecurity threat to surface transportation systems and associated infrastructure.”
The first of four “critical actions” involves designating a cybersecurity coordinator who’ll be the principal point of contact for the TSA and Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA). The coordinator also will implement cybersecurity practices and manage incidents.
Senior Director of Information Technology Kelly Kinggo will serve as the Belt’s cybersecurity coordinator and Manager-Information Technology and Network Brandon Bondurant will be her alternate.
The TSA’s second critical action requires freight railroads to report cybersecurity incidents to CISA. The third action involves developing a Cybersecurity Incident Response Plan to “reduce the risk of operational disruption.” The fourth action requires freight railroads to conduct a cybersecurity vulnerability assessment; current practices will be evaluated and remediated if necessary.
Kinggo said the Belt is developing its response plan and will work with a contractor to implement it before the June deadline. A cybersecurity threat simulation also will be performed.
In the past, the Belt has done some mock phishing attempts among other exercises.
“In 2022, we want to make the company more vigilant and aware of potential cybersecurity incidents to protect the BRC network,” said Kinggo, who encourages employees to regularly change passwords and lock their computers when they step away from them.
“In 2022, we want to make the company more vigilant and aware of potential cybersecurity incidents to protect the BRC network.— Senior Director of Information Technology