The new directive from the Transportation Security Administration requires rail companies to report hacking incidents to the Department of Homeland Security and to have a plan to keep a cybersecurity incident from hampering their operations.