Dive Brief:
- The Transportation Security Administration is seeking public comment on proposed requirements for surface transportation and pipeline companies to implement cyber risk management programs, the agency said Wednesday. The public comment period ends on Feb. 5, 2025.
- The proposed rule calls for certain pipeline, passenger and freight rail operators and rail system companies with high-risk profiles to develop comprehensive cyber risk management programs.
- Pipeline, rail and certain bus transportation or transit systems would be required to report cybersecurity incidents to the Cybersecurity and Infrastructure Security Agency. The sectors would report any physical security risk concerns to TSA.
Dive Insight:
The proposed mandates follow years of work to strengthen cybersecurity oversight, which were accelerated after the 2020 Sunburst attacks and the 2021 ransomware attack on Colonial Pipeline.
TSA officials declined to elaborate on the proposed pipeline requirements, but did provide additional insight on the proposed rules for surface transportation.
“TSA has, to the maximum practicable extent, met with…
