The Transportation Security Administration wants to stand up an Information Sharing and Analysis Center that would provide security incident reporting, threat-monitoring and information sharing for mass transit and passenger rail service operators.
With cybersecurity incidents affecting surface transportation a growing threat to local governments and transit providers, the Transportation Security Administration wants to stand up a Public Transportation Information Sharing and Analysis Center. The PT ISAC would provide security incident reporting, threat-monitoring and information sharing for mass transit and passenger rail service operators.
A PT ISAC was first established in 2002, and now TSA wants a contractor to build on the previous work and manage and operate the ISAC, producing daily situational awareness reports for the public- and private-sector transit community, including over-the-road bus, light rail, commuter rail, subway, waterborne services and inter‑city and high-speed passenger rail services. The reports would cover “counter terrorism efforts, security incidents, cyber related events and awareness, and any other information that may be relevant regarding threats, counter measures, and security posture,” according to TSA’s Nov. 24 request for information.
Besides serving as a clearinghouse for information on threats, vulnerabilities and solutions to physical and cyber infrastructure threats, the PT ISAC will also send updates in the event of actual security threats or attacks against the transportation sector. Additionally, it will develop best practices and manage the Homeland Security Information Network’s public transportation information sharing portals and websites.
“Malicious cyber actors continue to target U.S. critical infrastructure, to include freight, passenger, and rail transit systems, with multiple cyberattack and cyber espionage campaigns. Recent ransomware attacks against the transportation sector underscore this threat,” the RFI states. “For this reason, information sharing with industry and government has never been more important than it is today.”
Read the full RFI here.
NEXT STORY: CISA issues enterprise mobile security checklist