This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
11/7/2024
The Transportation Security Administration yesterday announced a proposed rule that would mandate the establishment of pipeline and railroad cyber risk management programs.
The proposal would build on performance-based cybersecurity requirements that the TSA previously issued via annual security directives since 2021. If it receives final approval, the rule would leverage the cybersecurity framework developed by the National Institute of Standards and Technology and the cross-sector cybersecurity performance goals developed by the Cybersecurity and Infrastructure Security Agency (CISA).
Specifically, the proposed rule calls for:
• requiring certain pipeline, freight railroad, passenger railroad and transit-rail owner/operators with higher cybersecurity risk profiles establish and maintain a comprehensive cyber risk management program;
• requiring these owner/operators and higher-risk bus-only public transportation and over-the-road bus owner/operators, currently required to report significant physical security concerns, to TSA to report cybersecurity incidents to CISA; and
• extending to higher-risk pipeline owner/operators TSA’s current requirements for rail and higher-risk bus operations to designate a physical security coordinator and report significant physical security concerns to TSA.