The Transportation Security Administration has released a notice of proposed rulemaking aimed at enhancing cybersecurity strategies for surface transportation owners and operators.
Table of Contents
TSA’s Proposed Cybersecurity Rule Changes
The agency said Wednesday the proposal will mandate cyber risk management and reporting requirements for particular surface transportation operators.
Under the proposal, certain pipeline, freight railroad, passenger railroad and rail transit owners and operators are required to establish and maintain a cyber risk management program. The owners and operators of the surface transportation systems also need to report cybersecurity incidents to the Cybersecurity and Infrastructure Security Agency previously, they were only required to report to the TSA. Finally, each high-risk pipeline owner and operator will designate a physical security coordinator to report physical security issues to the TSA.
Performance-Based Cybersecurity Requirements
TSA will continue leveraging performance-based requirements previously issued in 2021 through the annual Security Directives. The potential rule change utilizes the cybersecurity framework developed by the National Institute of Standards and Technology and the cross-sector cybersecurity performance objectives of CISA.
TSA Administrator David Pekoske, stated, “TSA has collaborated closely with its industry partners to increase the cybersecurity resilience of the nation’s critical transportation infrastructure. The requirements in the proposed rule seek to build on this collaborative effort and further strengthen the cybersecurity posture of surface transportation stakeholders.”
Register now to join the Potomac Officers Club’s 2024 Homeland Security Summit and learn more about the country’s most significant threats and what’s being done to thwart them.