Hours before the State of the Union address, the Senate unanimously passed the Strengthening American Cybersecurity Act, which is actually various bills that have now been made into one piece of legislation. Months ago, the measures had previously been removed from the annual defense policy bill.
The Transportation Security Administration (TSA) issued two Directives focusing on the cybersecurity of both passenger and freight railroads. These directives are designed to help TSA and CISA feed technical intelligence such as indicators of compromise and vulnerability information back to the rail system customers to bolster their cybersecurity capabilities. At a time when increased cyber-attacks are being conducted against civilian critical infrastructure by both nation-states and cybercriminal actors, railway cybersecurity has gone neglected for far too long, particularly as more noteworthy attacks have occurred against other critical infrastructures.