The Biden administration said the requirements made public Thursday are part of a broader effort at protecting the nation’s critical infrastructure from ongoing cyberespionage and a surge in disruptive ransomware attacks.

“These new cybersecurity requirements and recommendations will help keep the traveling public safe,” Homeland Security Secretary Alejandro Mayorkas said in a statement. He had previously previewed the new regulations in October.

The new TSA directives require most passenger and freight rail operators to identify a cybersecurity point person, report incidents within 24 hours to the Cybersecurity and Infrastructure Security Agency, conduct a vulnerability assessment and develop a contingency and recovery plan in case of malicious cyber activity.