Rail News – TSA proposes rule to require pipeline, railroad cyber risk management programs. For Railroad Career Professionals

The Transportation Security Administration yesterday announced a proposed rule that would mandate the establishment of pipeline and railroad cyber risk management programs.

The proposal would build on performance-based cybersecurity requirements that the TSA previously issued via annual security directives since 2021. If it receives final approval, the rule would leverage the cybersecurity framework developed by the National Institute of Standards and Technology and the cross-sector cybersecurity performance goals developed by the Cybersecurity and Infrastructure Security Agency (CISA).

Specifically, the proposed rule calls for:

• requiring certain pipeline, freight railroad, passenger railroad and transit-rail owner/operators with higher cybersecurity risk profiles establish and maintain a comprehensive…