During an era when federal pushes to increase infrastructure spending and heightened concerns over security risks across all sectors dominate headlines, recent news that the United States government is imposing cybersecurity regulations for rail transit made waves.
CBS News recently reported on the announcement that the federal government just imposed cybersecurity mandates for “higher risk” rail transit and railroad systems.
The Department of Homeland Security and Transportation Security Administration stated that freight trains and passenger transit rail systems will now have to report all cybersecurity incidents to the federal government within a 24-hour timeframe, put in place a 24/7 cybersecurity liaison with federal agencies, institute incident response plans, and conduct vulnerability assessments to address gaps in their cybersecurity protocols.
"These new cybersecurity requirements and recommendations will help keep the traveling public safe and protect our critical infrastructure from evolving threats," DHS Secretary Alejandro Mayorkas said in a statement that was published by CBS News.
Officials in the freight and passenger rail transit industries have pushed back at the idea of more federal regulations.
"Mandating a prescriptive 24-hour reporting requirement in a security directive could negatively affect cyber response and mitigation by diverting personnel and resources to reporting when incident response is most critical," the president and CEO of the American Public Transportation Association (APTA) wrote in a recent letter to U.S. lawmakers. "Additional personnel and resources needed to comply with the requirements will add significant compliance costs just as transit agencies are working to recover from the COVID-19 pandemic."
Fears over continued cyberattacks on transportation systems are a very pressing concern for federal regulators and transit officials alike. This year alone, the nation has seen hacks result in supply chain shortages and fuel shortages; it does not seem out of the realm of possibility that our trains and passenger rail systems could be at elevated risk in the near future.
CBS’s report highlights a ransomware attack that affected the Southeastern Pennsylvania Transportation Authority in 2020. That service is behind Philadelphia’s rail transit system. In August 2020, the Philly Voice covered the attack, writing that hackers were able to temporarily achieve unauthorized access to the transit authority’s servers.
Cases like this are reminders that our transportation systems are particularly vulnerable, especially during high-travel periods like the holiday season and beyond.
As the national reckoning over how to keep our systems, from healthcare to banking, safe and secure continues, attention will remain focused on our passenger and commercial trains.