TSA official: New security directive for rail operators reflects extensive industry input

A new cybersecurity directive for major rail operators embraces an “outcome-based” approach that will be reflected in a broader cyber regulatory proposal coming later this year, according to Transportation Security Administration policy leader Scott Gorton.

The new directive setting updated cyber requirements for rail will be issued as soon as today, Gorton said, and will include language requiring implementation of policies on network segmentation, access control, continuous detection and monitoring, and patch management.

But Gorton stressed that TSA has “listened...