Subscribe to Newsletters

Curated Content | Thought Leadership | Technology News

TSA Proposes New Permanent Cybersecurity Rules for Railways and Pipelines

Full steam ahead.
Ryan Uliss
Contributing Writer
A steam engine train on the track.

The Transportation Security Administration (TSA) has proposed a new rule to strengthen cybersecurity across pipeline, railroad, and select bus operators, formalizing emergency directives issued in response to rising cyber threats. This rule aims to enhance the security of the nation’s transportation systems, prompted by incidents like the devastating 2021 Colonial Pipeline ransomware attack.

The proposed rule requires three key elements within cyber risk management (CRM) plans: annual cybersecurity evaluations, independent vulnerability assessments, and a cybersecurity operational implementation plan.

Annual evaluations ensure operators continuously assess and adapt to emerging cyber threats. Independent vulnerability assessments identify unaddressed security gaps. The operational plan assigns cybersecurity roles, details protections for critical systems, and outlines protocols for detecting, responding to, and recovering from cyber incidents, creating a clear and proactive framework across the sector.

The proposed rule is set to affect approximately 300 transportation entities, with implementation costs estimated at $2.1 billion over the next decade. The TSA is inviting public and industry feedback through early 2025 to help refine and finalize these requirements.

Why It Matters: The transportation sector, integral to both economic stability and national security, is increasingly vulnerable to sophisticated cyber threats from both nation-states and organized cybercriminals. By formalizing these security directives, TSA aims to build a proactive cybersecurity framework that can mitigate such threats. This rule not only targets the weaknesses exposed by previous attacks but also adapts to emerging technologies, such as artificial intelligence, which have introduced new dimensions of risk.

  • Codification of Emergency Directives: TSA’s proposed rule seeks to formalize temporary emergency directives issued after the Colonial Pipeline attack in 2021, including required cyber incident reporting and CRM programs. These measures are now intended to be permanent, forming a structured regulatory framework for transportation cybersecurity.
  • Core Requirements of CRM Programs: The rule mandates an annual cybersecurity evaluation, a vulnerability assessment independent of conflicted interests, and a comprehensive operational plan. This plan will outline measures to detect, respond to, and recover from cyber incidents, with oversight provided by TSA to ensure compliance.
  • Industry Feedback and Flexibility: In response to feedback from industry stakeholders, TSA has aimed to create adaptable and scalable cybersecurity measures. This performance-based approach allows operators to tailor their defenses to unique infrastructure requirements, supporting a diverse transportation sector.
  • Acknowledgment of Major Threats: The rule explicitly mentions nation-states as persistent sources of cyber threats to U.S. infrastructure, highlighting recent cyber espionage operations and the potential for AI-enhanced attacks. The regulation reflects an urgent need to bolster defenses against increasingly complex and evasive cyber tactics.

Go Deeper -> TSA Floats New Rules Mandating Cyber Incident Reporting for Pipelines, Railroads – The Record

TSA Issues Proposed Cyber Mandates for Pipelines, Rail, Airlines – CyberScoop

☀️ Subscribe to the Early Morning Byte! Begin your day informed, engaged, and ready to lead with the latest in technology news and thought leadership.

☀️ Your latest edition of the Early Morning Byte is here! Kickstart your day informed, engaged, and ready to lead with the latest in technology news and thought leadership.

ADVERTISEMENT

×
You have free article(s) left this month courtesy of CIO Partners.

Enter your username and password to access premium features.

Don’t have an account? Join the community.

Would You Like To Save Articles?

Enter your username and password to access premium features.

Don’t have an account? Join the community.

Thanks for subscribing!

We’re excited to have you on board. Stay tuned for the latest technology news delivered straight to your inbox.

Save My Spot For TNCR LIVE!

Thursday April 18th

9 AM Pacific / 11 PM Central / 12 PM Eastern

Register for Unlimited Access

Already a member?

Digital Monthly

$12.00/ month

Billed Monthly

Digital Annual

$10.00/ month

Billed Annually

Would You Like To Save Books?

Enter your username and password to access premium features.

Don’t have an account? Join the community.

Log In To Access Premium Features

Sign Up For A Free Account

Please enable JavaScript in your browser to complete this form.
Name
Newsletters