TSA’s Proposed Cybersecurity Rule for the Transportation Sector – The Need for Penetration Testing

In an era where cyber threats are increasingly sophisticated, the Transportation Security Administration (TSA) has proposed a new set of cybersecurity requirements targeting the pipeline, rail, and over-the-road bus (OTRB) sectors. This Notice of Proposed Rulemaking (NPRM) aims to strengthen protections for critical infrastructure by mandating a comprehensive Cyber Risk Management (CRM) program for certain transportation operators.

Why TSA’s Rule Emphasizes Cybersecurity in Transportation

The importance of this rule became evident after the 2021 ransomware attack by DarkSide, a Russian cybercriminal group, which disrupted operations of a major pipeline and caused significant economic and operational fallout. This incident underscored the vulnerability of the transportation sector to cyber threats. TSA responded by issuing Security Directives (SDs) that called for immediate action to protect critical systems in surface transportation, targeting both cybersecurity and physical security vulnerabilities.

As seen here, this rule proposes:

  • To require that certain pipeline, freight railroad, passenger railroad and rail transit owner/operators with higher cybersecurity risk profiles establish and maintain a comprehensive cyber risk management program.
  • To require these owner/operators, and higher-risk bus-only public transportation and over-the-road bus owner/operators, currently required to report significant physical security concerns to TSA, to report cybersecurity incidents to CISA.
  • To extend to higher-risk pipeline owner/operators TSA’s current requirements for rail and higher-risk bus operations to designate a physical security coordinator and report significant physical security concerns to TSA.

Brackish Can Help Meet TSA’s Requirements

Penetration testing is essential in helping transportation operators meet TSA’s CRM requirements. Through penetration testing, operators can identify hidden vulnerabilities and proactively address potential risks in their systems.

In addition to penetration testing, our attack surface monitoring tool, Pincher, provides ongoing visibility into an organization’s external-facing assets. Pincher continuously scans and monitors for potential exposures or misconfigurations across an organization’s digital footprint, helping to identify vulnerabilities as soon as they appear. By leveraging Pincher alongside penetration testing, operators can adopt a comprehensive, proactive approach to their cybersecurity posture.

Pincher supports compliance with TSA’s requirements by:

  • Enabling Real-Time Monitoring: Pincher provides timely insights into an organization’s attack surface, allowing for swift action on identified vulnerabilities and maintaining the integrity of Critical Cyber Systems.
  • Providing Actionable Alerts: With Pincher, operators receive real-time alerts on potential security issues, helping ensure a rapid response to newly identified risks.

Please reach out to us if you have any questions. Let’s Make the Bad Guys Salty!
