Federal Highway Administration will adopt cyber tool created by CISA

The Federal Highway Administration said in a posting to the Federal Register on Tuesday that it would adopt the Cyber Security Evaluation Tool, a voluntary program created by the Cybersecurity and Infrastructure Security Agency designed to help organizations understand their cybersecurity posture. 

The agency said in its announcement that it’s often called in to deal with cyber incidents, particularly around its work with federal and state agencies “whose primary missions revolve around securing critical transportation infrastructure.” Now, it’s adopting the CISA tool to streamline that process. 

“The FHWA provides subject matter expertise to those agencies in identifying potential physical and cybersecurity threats and appropriate mitigation efforts,” the posting states. “When presented with physical or cybersecurity questions, concerns or incidents from State, local, Tribal, and Territorial transportation authorities, or other stakeholders, FHWA routinely assists in connecting these entities to security-focused government agencies, including the Transportation Security Administration, the Cybersecurity and Infrastructure Security Agency (CISA), and the Federal Bureau of Investigation.”

Tuesday’s announcement comes after the Transportation Department component solicited public feedback on the tool in March. The goal, the agency said at the time, was to avoid building a duplicative cyber tool and take advantage of the work CISA had already done. Adopting a system for the agency to flag to handle these kinds of evidence stems from a stipulation outlined in the 2021 bipartisan infrastructure law.