Skip to content
Search AI Powered
Human content, AI powered search.

Latest Stories

TSA rule would require cyber risk management for railroads

image of laptops and cables to suggest computer hackers

Proposed rule follows White House warning about China hacking efforts against trucking sector.

Ben Ames
By Ben AmesNov 07, 2024
Ben Ames
Ben Ames is Editor at Large and a Senior Editor at Supply Chain Xchange's sister publication, DC Velocity.
See Full Bio

The federal Transportation Security Administration (TSA) yesterday proposed a rule that would mandate some surface transportation owners and operators, including those running pipelines and railroads, to meet certain cyber risk management and reporting requirements.

The new rule would require:

  • Owner/operators of pipelines and/or railroads that have a higher cybersecurity risk profiles to establish and maintain a comprehensive cyber risk management program;
  • Owner/operators that are currently required to report significant physical security concerns to TSA to also report cybersecurity incidents to the Cybersecurity and Infrastructure Security Agency; and
  • Higher-risk pipeline owner/operators to designate a physical security coordinator and report significant physical security concerns to TSA.

By publishing a “notice of proposed rulemaking” in the Federal Register, Federal Register, which is the daily journal of the U.S. government, TSA has initiated a 60-day period for public comment from any interested party and an additional 30 days for reply comments.

"TSA has collaborated closely with its industry partners to increase the cybersecurity resilience of the nation's critical transportation infrastructure," TSA Administrator David Pekoske said in a release. "The requirements in the proposed rule seek to build on this collaborative effort and further strengthen the cybersecurity posture of surface transportation stakeholders. We look forward to industry and public input on this proposed regulation."

The notice came a week after a White House representative warned the trucking freight industry that the People’s Republic of China (PRC) has remained the most active and persistent cyber threat to the U.S. government, private sector, and critical infrastructure networks. The briefing came from a member of the administration’s Office of the National Cyber Director, in an address to attendees at the National Motor Freight Traffic Association (NMFTA)’s Cybersecurity Conference.

“In January, the National Cyber Director testified in front of Congress along with colleagues from CISA, NSA, and the FBI about this threat from the PRC, dubbed Volt Typhoon,” speaker Stephen Viña said in his remarks. “Volt Typhoon conducted cyber operations focused not on financial gain, espionage, or state secrets but on developing deep access to our critical infrastructure. This includes the energy sector transportation systems, among many others. A prolonged interruption to these critical services could disrupt our ability to mobilize in the event of a national emergency or conflict and can create panic among our citizens. Ultimately, if trucking stops, America stops.”

TechnologyArticleMove
cyber risk managementnmftapipelinerailtransportation security administrationtrucking industrychinasupply chain resiliencycybersecurity
TechnologyArticleMove
cyber risk managementnmftapipelinerailtransportation security administrationtrucking industrychinasupply chain resiliencycybersecurity

Recent

minority woman with charts of business progress
Procure

Study: Inclusive procurement can fuel economic growth

Blog

Navigating supply chain dynamics

More Stories

An illustration of a two-lane road with a question mark in the center.

2025 Logistics Outlook: Cautious optimism tempered by tough realities

The year 2024 was by all accounts one of struggle and perseverance for supply chain practitioners. No one was immune, from shippers and their third-party service providers, to the truckers providing freight capacity, brokers managing transportation, and technology providers seeking to deliver the next big tech innovation.

At this time last year, many in the industry thought the back half of 2024 would provide at least a ray of hope for a rebound. However, 2024 came to a close with many of the same pressures and challenges that marked its beginning.

Keep ReadingShow less
chart of ransomware payments from cyber attacks

Moody’s: Hackers target bigger game in their hunt for profits

Hackers are beginning to extend their computer attacks to ever-larger organizations in their hunt for greater criminal profits, which could drive an anticipated increase in credit risk and push insurers to charge more for their policies, according to the “2025 Cyber Outlook” from Moody’s Ratings.

In Moody’s forecast, cyber risk will intensify in 2025 as attackers switch tactics in response to better corporate cyber defenses and as advances in artificial intelligence increase the volume and sophistication of their strikes. Meanwhile, the incoming Trump administration will likely scale back cyber defense regulations in the US, while a new UN treaty on cyber crime will strengthen the global fight against this threat, the report said.

Keep ReadingShow less
AI image of a dinosaur in teacup

The new "Amazon Nova" AI tools can use basic prompts--like "a dinosaur sitting in a teacup"--to create outputs in text, images, or video.

Amazon to release new generation of AI models in 2025

Logistics and e-commerce giant Amazon says it will release a new collection of AI tools in 2025 that could “simplify the lives of shoppers, sellers, advertisers, enterprises, and everyone in between.”

Benefits for Amazon's customers--who include marketplace retailers and logistics services customers, as well as companies who use its Amazon Web Services (AWS) platform and the e-commerce shoppers who buy goods on the website--will include generative AI (Gen AI) solutions that offer real-world value, the company said.

Keep ReadingShow less
diagram of blue yonder software platforms

Blue Yonder users see supply chains rocked by hack

Grocers and retailers are struggling to get their systems back online just before the winter holiday peak, following a software hack that hit the supply chain software provider Blue Yonder this week.

The ransomware attack is snarling inventory distribution patterns because of its impact on systems such as the employee scheduling system for coffee stalwart Starbucks, according to a published report. Scottsdale, Arizona-based Blue Yonder provides a wide range of supply chain software, including warehouse management system (WMS), transportation management system (TMS), order management and commerce, network and control tower, returns management, and others.

Keep ReadingShow less
drawing of person using AI

Amazon invests another $4 billion in AI-maker Anthropic

Amazon has deepened its collaboration with the artificial intelligence (AI) developer Anthropic, investing another $4 billion in the San Francisco-based firm and agreeing to establish Amazon Web Services (AWS) as its primary training partner and to collaborate on developing its specialized machine learning (ML) chip called AWS Trainium.

The new funding brings Amazon's total investment in Anthropic to $8 billion, while maintaining the e-commerce giant’s position as a minority investor, according to Anthropic. The partnership was launched in 2023, when Amazon invested its first $4 billion round in the firm.

Keep ReadingShow less
Copyright ©2025.