National Institute of Standards and Technology’s (NIST) cybersecurity framework will be put to the test as Washington, D.C., area’s Metro system will now use the standard to test software and hardware proposed for its new project.
This move came after U.S. senators raised security concerns about a new line of railcars the system is going to purchase, according to a report in Cyberscoop.
Govt., Private Sector Need to Unite on Cyber: Report
Safety, Security, Privacy in Interconnected World
DDoS Attacks, Fewer in Quantity, More Sophisticated
Russia, China can Disrupt Critical Infrastructure
Bidders on the railcar procurement, worth an estimated $1 billion and covering up to 800 railcars, also will have to show evidence a third party tested their software or hardware, said Washington Metropolitan Area Transit Authority Chief Executive Paul J. Wiedefeld.
The NIST framework, which sees use throughout industries and government agencies, is a key part of the updated request for proposal, Wiedefeld wrote in a letter to Democratic senators from Virginia and Maryland, according to the report.
The senators had expressed security concerns over the railcar procurement after reports a Chinese state-owned manufacturing company could win the bid, according to the Cyberscoop report. They asked if Metro would consult with defense officials before allowing foreign-government-built railcars to stop at the Pentagon, which is part of the Metro system. Alluding to China, the senators wanted to know if Metro would consider a company’s ties to foreign governments with a history of industrial and cyber-espionage when assessing bids.
Wiedefeld said WMATA officials have met with the Department of Defense (DoD) to “review potential critical infrastructure vulnerabilities,” and sensitive components in the railcars would be tested by a DoD-approved third party.
He said foreign bids on the project are inevitable. “We would welcome the opportunity to support an American-owned company when purchasing railcars, but unfortunately, there are currently no American-owned railcar manufactures,” Wiedefeld said.