Federal Highway Administration wants feedback on proposal to use cyber tool

The Department of Transportation’s Federal Highway Administration is seeking public comments on its proposal to allow transportation authorities to use a Cybersecurity and Infrastructure Security Agency tool to better address cyber incidents.

The FHWA’s proposal to adopt CISA’s Cyber Security Evaluation Tool — which “authorities can use to assist in identifying, detecting, protecting against, responding to, and recovering from cyber incidents,” per a Federal Register posting — would meet a requirement called out in the bipartisan infrastructure law of 2021.   

The agency said in the posting that it “thinks it is appropriate to leverage CISA’s expertise instead of attempting to create a separate and potentially duplicative tool.” CSET, which is available for public download, provides modules and questionnaires tailored to specific critical infrastructure sectors. The voluntary software tool takes “a systematic approach to assess cybersecurity controls and processes.” 

FHWA’s decision to use CSET was made following coordination with CISA and the Transportation Security Administration, as well as consultation with various stakeholders on the efficacy of the tool. The FHWA noted that many state agencies use CSET, “while others customize alternative cybersecurity solutions to align with their distinct mission requirements.”

The FHWA said it will continue to partner with other federal agencies charged with the development of cybersecurity tools so that it can “ensure highway-related equities are considered and incorporated appropriately.”

The deadline to submit comments on the FHWA’s proposal is April 19, though late submissions “will be considered to the extent practicable.”