A bipartisan group of senators wants information about the processes and responsibilities of the Homeland Security and Transportation departments to detect, prevent and respond to cyberthreats to the nation’s transportation systems.
In a letter Monday, lawmakers asked how the co-sector risk management agencies (co-SRMAs) are meeting their six responsibilities as prescribed in the National Defense Authorization Act of fiscal 2021: risk management, risk assessment, sector coordination, information sharing on physical and cybersecurity threats, incident management, and emergency preparedness.
The White House designated the nation’s transportation system one of 16 critical infrastructure sectors in 2013, but the ransomware attack on Colonial Pipeline in 2021 and the fact only 60% of state and local transit agencies have a cyber plan in place have lawmakers worried.
“[F]ederal efforts to ensure that our nation is properly prepared to address cybersecurity threats to the transportation system require a delicate balance to provide critical assistance to entities that need new or additional cybersecurity support, while recognizing effective practices that some entities already have in place,” the missive said.
“We recognize that DHS and DOT have the complex and enormous responsibility of ensuring the security and resilience of the nation’s transportation systems, supporting the systems’ ability to quickly, safely and securely move people and goods throughout the country and overseas,” the letter continued.
Lawmakers additionally want information on how both departments collaborate on risk management and split, in particular, law enforcement and safety responsibilities.
Given cyberthreats to the transportation system have changed since the release of the Transportation Systems Sector-Specific Plan in 2015, lawmakers also asked about efforts to update the policy document — noting the urgency.
“Our society and economy are increasingly dependent on computer networks and information technology solutions,” reads the letter. “Ransomware attacks on the transportation industry, just one derivative of cyberattacks, increased by 186% between June 2020 and June 2021.”