NERC CIP Bootcamp Giveaway – Enter to Win!
Support

SOLUTIONS

OT Asset Management
Configuration & Change Management
Policy Compliance
Vulnerability Management

PLATFORM

Industrial Defender Platform
Phoenix for SMBs
Services
Partners

INDUSTRIES

Power
Oil & Gas
Water
Manufacturing
US Government
See all

RESOURCES

Blog
Podcast
Resource Library
OT Cybersecurity Risk Assessment Calculator
Innovations by Industrial Defender
FAQ

COMPANY

About Us
How We Compare
Team
Events
Press
Careers
Contact Us

SUPPORT

REQUEST DEMO

Rail

A Breakdown of TSA’s Security Directive 1580-21-01A to Enhance Railroad Cybersecurity

Steve Kardon
November 1, 2022

On October 24, 2022, the Transportation Security Agency (TSA) issued Security Directive 1580-21-01A to enhance railroad cybersecurity. This Directive is in effect for one year and applies to freight railroad carriers (owners/operators) and other TSA-designated freight railroads. This rail Security Directive follows another similar one released this summer by the TSA for pipeline owners and operators, and the four key requirements of SD 2021-02B closely match the pipeline requirements.

The Security Directive builds on requirements from previous Directives that include designating a cybersecurity coordinator, reporting incidents to TSA and CISA, developing a Cybersecurity Incident Response Plan and performing a Cybersecurity Vulnerability Assessment. In addition to the Security Directive, the TSA released a 14-page document covering rail cybersecurity mitigation actions and testing which goes into detail about specific required actions, cybersecurity measures, record keeping and procedures.

Carriers must submit a cybersecurity implementation plan for TSA approval. Once approved by TSA, the plan will set the security measures and requirements against which TSA will inspect for compliance. The new Directive mandates that TSA-specified passenger and freight railroads must implement the following cybersecurity measures:

  1. Establish and implement a TSA-approved Cybersecurity Implementation Plan that describes the specific measures employed and the schedule for achieving the following:
    • “Implement network segmentation policies and controls to ensure that the Operational Technology system can continue to safely operate in the event that an Information Technology system has been compromised.
    • “Implement access control measures to secure and prevent unauthorized access to critical cyber systems.
    • “Implement continuous monitoring and detection policies and procedures to detect cybersecurity threats and correct anomalies that affect critical cyber system operations.
    • “Reduce the risk of exploitation of unpatched systems through the application of security patches and updates for operating systems, applications, drivers, and firmware on critical cyber systems in a timely manner using a risk-based methodology.”
  2. Establish a Cybersecurity Assessment Program and submit an annual plan to TSA that describes how the railroad will proactively test and regularly audit the effectiveness of cybersecurity measures, and identify and resolve device, network and/or system vulnerabilities.

Implementing the right OT cyber risk management foundation will ensure that rail carriers can identify, manage and report on everything happening inside their operational technology infrastructure.

Choosing a cybersecurity standard is a solid starting point to help rail owners and operators attain these objectives for achieving cyber resilience. The NIST CSF is an excellent choice for rail operators, and many other critical infrastructure organizations have implemented this framework successfully. Another great option to look at for rail is the ISA/IEC 62443 standards. Either of these security standards can help lay the groundwork for a measurable, provable cybersecurity program.

With the expanding anxiety around cyberattacks targeting rail critical infrastructure over the past two years, it's clear that having strong cyber resilience plans in place has never been more important, and is going to be a non-negotiable objective for rail carriers in 2023 and beyond.

NIST CSF Mapping Guide

View Resource

Stay up to date.

Sign up for our newsletter to receive the latest
Industrial Defender news, updates and content.

SOC 2® Type II Certified
PRODUCTS
Industrial Defender PlatformImmunity by IDBuilding DefenderRTAP
SERVICES
Cyber Diligence ServiceCopilOT ServiceTMCommissioningSupportTrainingSustain
SOLUTION BY TYPE
OT Asset ManagementVulnerability ManagementSecurity Event MonitoringCompliance Reporting
SOLUTION BY FUNCTION
SecurityComplianceOperationsExecutive
SOLUTION BY INDUSTRY
Building AutomationChemicalElectricFederal GovernmentFood & AgricultureMaritimeMetals & MiningOil & GasPharmaceuticalsRailWater
RESOURCES
Resource CollectionDefenderSphereIT-OT Integration LabOT Cybersecurity Risk CalculatorInnovations by ID
COMPANY
About UsHow We CompareTeamEventsPressCareersContact Us