Kali on My Mind

Small Step Towards Protecting Critical Infrastructure

The TSA has announced that there will be new cybersecurity requirements on major railroads and subways. The Washington Post reported the mandate from the White House, writing “The coming directive will require the largest and most critical rail and transit systems to identify a cybersecurity point person, report incidents to the Cybersecurity and Infrastructure Security Agency (CISA) and create an incident recovery plan.” It’s almost like they’ve been reading this blog.

This is a step towards the type of protection we should be expecting for all of our infrastructure. Creating a set of expectations and a chain of command is the least we can do to try and prevent attacks against our most vulnerable targets. And while this is a good start, it should be far from the end. Other infrastructure could cause more than an inconvenience if it were to be shut down.

Early this year power outages in Texas proved to be deadly in some cases. And the Colonial pipeline that brought this issue into the limelight caused a run on gas across the eastern half of the US. How much chaos could be caused here in southern California if say, stoplights quit working? Or imagine the international issues that could come up if LAX were to shut down or lose power. These issues can only be mitigated before the attack. By the time we know we need better security it will be too late.