In October 2022, the Transportation Security Administration (TSA) announced a security directive called Rail Cybersecurity Mitigation Actions and Testing that affects cybersecurity policy for all rail transportation throughout the United States. In July 2024, a new memorandum was added clarifying the original directive. In this webinar, we break down how to implement a cybersecurity threat awareness program to adapt to the new directives.
As part of the updated TSA directives, all rail carriers working within the US must “implement continuous monitoring and detection policies and procedures to detect cybersecurity threats and correct anomalies,” develop a cybersecurity assessment plan, and take additional action to defend against cyber threats.
In this one-hour conversation, rail cybersecurity experts from Cylus and Digi International share insights on how rail owners/operators can introduce cybersecurity detection plans and prepare with the proper hardware and software requirements in time to meet the TSA’s demands. The experts introduced the Cylus security solution as well as Digi’s 5G rail router solution and what makes it unique in the industry.
Follow-up Webinar Q&A
In our recent webinar, rail cybersecurity experts from Cylus and Digi International discussed cybersecurity detection strategies for rail operators to meet TSA requirements. If you have additional questions, be sure to reach out.
Moderator: Mitch Sinon, Digi International
Presenters:
- Yoni Korlander, Technical Director, Cylus
- Steve Mazur, Director, Public Sector, Digi International
Do TSA security directives typically survive changing administrations?
Steve: A timely question. So, cybersecurity policy certainly is a national concern. These directives were developed with industry participation. They codified best practices for a common goal. Not just the federal government, but also for industry as well, and they're fairly new. There's nothing really political in a market sector cybersecurity policy directive, so I can't imagine that anything would change with these. They certainly have good solid background, and not just from government. It's an industry and government joint effort.
What are some of the immediate steps rail operators can take to strengthen their cybersecurity posture while they work towards full compliance with the TSA directives?
Yoni: So, there are several steps. I think the most important ones are conducting a risk assessment and an inventory of your critical assets, especially the critical assets, whether it's signaling or PTC devices. Basic cyber hygiene practices, like enforcing strong passwords and updating security patches regularly, can reduce risk, of course. Vulnerability management, and the prioritization of it, is one key aspect, and of course, as you probably know, multi-factor authentication is very, very important. If applicable, you should apply it to your network.
The directives mandate regular security patch updates. Can Digi and Cylus improve the efficiency of this process?
Steve: So, part of this was addressed in the presentation. Where we can help in that is where one would like to update the firmware and configuration on a Digi router, like Digi TX64 5G Rail. And we've really made that risk-free, where you can do it when the vehicle is out of service. It's automated. And also, rail vehicles have so many connections and other devices, and where perhaps a firmware or a configuration is not working well, the Digi Remote Manager® platform also keeps a copy of the configuration in it, so one can back out a configuration, or return to the previous firmware with ease as well. So, it provides that flexibility, should there be some need to return to earlier firmware. And then, once, of course, all those systems are retested, with this new firmware, the next step is fleet deployment. And that, of course, we've automated within the platform. So, as I mentioned, it can be done out of service, to hundreds or thousands of rail vehicles with a few clicks on the management platform.
Can you import IP addresses into Cylus that you wish to block?
Yoni: Great question. So, CylusOne, out of the box, is completely non-intrusive, so it doesn't block communication. It just sort of eavesdrops on the network, reading the information. You can define rules to be alerted when certain IP addresses or IP segments appear in the network. We do have experience with one customer who asked for an integration from Cylus to his firewall device, where clicking a button on the alert page of Cylus adds an access list to the firewall, but that's not a practice we see every day, especially in OT and rail networks. Thank you for that question.