Skip to content

Railway Operators Complying Federal Cybersecurity Requirements

A glimpse into the world of railway cybersecurity, CIOSEA News, ETCIO SEA

In recent years, the U.S. government has prioritized increasing cybersecurity in sectors that are critical to the country, most especially railway. This focus intensified after the ransomware attack on the Colonial Pipeline, a major fuel pipeline, which caused significant gas shortages and highlighted the need to protect U.S. infrastructure. In response to this threat, officials have emphasized the importance of strengthening the security of these industries.

In March 2022, President Biden signed the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA). This law applies to agencies, organizations, and businesses whose service disruptions could harm economic security or public health and safety. Railways are one of the industries that are considered critical infrastructure under this act.

Railways Targeted by Cyberattacks in Recent Years

Railways have been the subject of several major attacks in recent years, including a data breach at China Railways (CR) in 2019 and breaches of 146 million records in the database of Network Rail and service provider C3UK, as well as a malware attack on Sadler, a railway equipment manufacturer. In October, President Biden released the Enhancing Rail Cybersecurity Directive from the Transportation Security Administration for critical infrastructure, which includes directives for railway companies.

TSA administrator David Pekoske said, “The nation’s railroads have a long track record of forward-looking efforts to secure their network against cyber threats and have worked hard over the past year to build additional resilience, and this directive, which is focused on performance-based measures, will further these efforts to protect critical transportation infrastructure from attack.”

Requirements of the Enhancing Railway Cybersecurity Directive

The new directive includes four main requirements:

  1. Designate a Cybersecurity Coordinator – Under this directive, railways must designate a cybersecurity coordinator who is responsible for implementing cybersecurity practices, managing cybersecurity incidents, and serving as a point of contact between the railway and both the TSA and the Cybersecurity and Infrastructure Security Agency (CISA) on cybersecurity matters. The coordinator must be available 24/7, so railways must also appoint a backup coordinator. Both coordinators must be U.S. citizens and eligible for security clearance.
  2. Report Cybersecurity Incidents to CISA – Under this directive, railways must report all cybersecurity incidents, including unauthorized access, malware, and DoS attacks, to the Cybersecurity and Infrastructure Security Agency (CISA) within 24 hours of the event. The railway must provide detailed information about the incident, as well as its impact on the railway and the railway’s response to the incident.
  3. Develop a Cybersecurity Incident Response Plan – The directive requires railways to develop a plan that outlines how they will identify, isolate, and segregate infected systems and protect backed-up data. The plan should also establish processes and governance for isolating systems. Railways must adopt their plan within 180 days of the directive and must also conduct regular testing of the plan.
  4. Assess Cybersecurity Vulnerability – The directive requires railways to conduct an assessment to identify any gaps in their cybersecurity and document remediation measures. Railways must complete this assessment within 90 days of the directive.

The directive requires railways to identify any weaknesses in their cybersecurity and document steps to fix these issues through an assessment. This assessment must be completed within 90 days of the directive.


Here at CourseMonster, we know how hard it may be to find the right time and funds for training. We provide effective training programs that enable you to select the training option that best meets the demands of your company.

For more information, please get in touch with one of our course advisers today or contact us at training@coursemonster.com