Protecting our critical infrastructure against the threat of ransomware remains a top priority for both the private sector and the federal government. In fact, a recent survey from Tripwire found that security professionals in both sectors still identify ransomware as a top security concern. More than half (53%) of respondents in that study said they were most concerned about ransomware, for instance. This was followed by vulnerability exploits, phishing, and social engineering at 35%, 34%, and 24%, respectively.

Survey: Security and Federal Government (Fall 2021), page 9

These findings aren’t a surprise in light of some of the ransomware attacks that made headlines in 2021. In particular, an incident involving a gas pipeline company back in May demonstrated the extent to which ransomware can disrupt normal life by targeting critical infrastructure systems. This explains why the Biden Administration has taken steps to modernize the nation’s cybersecurity, pressure Russian President Vladimir Putin to crack down on ransomware gangs operating out of Russia, and sanction cryptocurrency exchanges that have helped to facilitate ransomware payments.

What’s in the Transportation Security Agency’s New Security Requirements?

After updating their approach to protecting the pipeline sector, the Transportation Security Agency (TSA) has introduced an initial set of security requirements to improve cybersecurity across the transportation industry “in response to ongoing threats to surface transportation systems and associated infrastructure.” As such, it is part of a larger effort to secure U.S. critical infrastructure against ransomware and other digital threats.

Via the new security directives, the TSA requests immediate action from higher-risk freight railroads, passenger rail, and rail transit to protect transportation security. To meet the requirements, owners and operators must designate a cybersecurity coordinator, report cybersecurity incidents to CISA within 24 hours, develop and implement a cybersecurity incident response plan to reduce the (Read more...)