Back in December 2021, the U.S. Transportation Security Administration released security directives for rail and rail transit groups designed to bolster cybersecurity risk management. This risk of cyberattacks has become more evident and in response, the TSA has directed rail operators to take four immediate actions within the following deadlines: 

  1. By January 6th, 2022: Designate a cybersecurity coordinator

  2. Effective Immediately: Report cybersecurity incidents to the Cybersecurity and Infrastructure Security Agency (CISA) within 24 hours of detection 

  3. By March 31st, 2022: Complete vulnerability assessments to address risks both within Information (IT) and Operational (OT) technology systems

  4. By June 29th, 2022: Develop a cybersecurity incident response plan based on security issues discovered

Read our blog article for an explanation of each requirement and show how Shift5 can help.


Wait… OT systems?

Yes. A common concern we constantly raise is the lack of visibility into onboard Operational Technology (OT) networks, including digital components like engine and transmission controllers; braking systems, power/electrical controls; and command and control displays; among others. Legacy OT assets, especially those that are Internet-accessible, are not effectively monitored to mitigate OT assets for malicious activity, leaving them unprotected. 

If you want to begin monitoring rail OT for cyber threats >> START HERE

The imminent threat of cyber attacks within transportation only continues to grow.

The invasion of Ukraine and the sanctions imposed by the West on Russia and its oligarchs have raised international tensions to levels not seen in a generation. In March, The White House reiterated its warnings to private owners and operators of critical infrastructure, including transportation, adding that “evolving intelligence” indicates Russia may be poised to conduct a cyber attack at any moment. These organizations in critical sectors simply cannot delay taking proactive measures to ensure their cyber resiliency. 

With this in mind, rail owners and operators should have completed the following by now:

  • Appointed a cybersecurity coordinator for all cyber-related incidents, activities, and communication between the rail organization and TSA / CISA

  • Completed a cybersecurity vulnerability assessment for both IT and OT systems to identify gaps

  • Analyzed vulnerability findings with recommended actions to reduce risk and inform an incident response plan for both IT and OT systems threats.

The stakes for transportation infrastructure cybersecurity are high, and recent cyber attacks demonstrate risk has moved from a hypothetical to a reality. Shift5 can help rail owners and operators meet TSA requirements to keep trains running in a contested cyber environment.

About Shift5

Shift5 is the OT cybersecurity company that protects the world’s transportation infrastructure and weapons systems from cyberattacks. Created by founding members of the U.S. Army Cyber Command who pioneered modern weapons system cyber assessments, Shift5 defends military platforms and commercial transportation systems against malicious actors and operational failures. Customers rely on Shift5 to detect threats and maintain the resilience of a wide variety of operational technology systems, including aviation, rail and metro, defense, helicopters, and other heavy fleet machinery.