On October 24, 2022, the Transportation Security Administration ("TSA") released Security Directive 1580/82-2022-01 regarding "Rail Cybersecurity Mitigation Actions and Testing." The directive is applicable to freight railroad carriers identified in 49 C.F.R. 1580.101 and other TSA-designated freight and passenger railroads. This Security Directive follows last year's Security Directive 1580-21-01, "Enhancing Rail Cybersecurity" and is part of a significant effort to increase cybersecurity standards for critical infrastructure in many industry sectors.
"The goal of [the] Security Directive is to reduce the risk that cybersecurity threats pose to critical railroad operations and facilities through implementation of layered cybersecurity measures that provide defense-in-depth." The Security Directive requires the establishment and implementation of a TSA-approved Cybersecurity Implementation Plan and establishment of a Cybersecurity Assessment Program with an annual plan submitted to TSA.
TSA issued the Security Directive after consulting with the Cybersecurity and Infrastructure Security Agency, the Department of Defense, and the Department of Transportation.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.