Hello, Guest.!
TSA Proposes New Cybersecurity Rules
//

TSA Proposes New Cybersecurity Rules

2 mins read

The Transportation Security Administration has released a notice of proposed rulemaking aimed at enhancing cybersecurity strategies for surface transportation owners and operators. 

TSA’s Proposed Cybersecurity Rule Changes

The agency said Wednesday the proposal will mandate cyber risk management and reporting requirements for particular surface transportation operators.

Under the proposal, certain pipeline, freight railroad, passenger railroad and rail transit owners and operators are required to establish and maintain a cyber risk management program. The owners and operators of the surface transportation systems also need to report cybersecurity incidents to the Cybersecurity and Infrastructure Security Agency previously, they were only required to report to the TSA. Finally, each high-risk pipeline owner and operator will designate a physical security coordinator to report physical security issues to the TSA.

Performance-Based Cybersecurity Requirements

TSA will continue leveraging performance-based requirements previously issued in 2021 through the annual Security Directives. The potential rule change utilizes the cybersecurity framework developed by the National Institute of Standards and Technology and the cross-sector cybersecurity performance objectives of CISA.

TSA Administrator David Pekoske, stated, “TSA has collaborated closely with its industry partners to increase the cybersecurity resilience of the nation’s critical transportation infrastructure. The requirements in the proposed rule seek to build on this collaborative effort and further strengthen the cybersecurity posture of surface transportation stakeholders.”

Register now to join the Potomac Officers Club’s 2024 Homeland Security Summit and learn more about the country’s most significant threats and what’s being done to thwart them.