Curated Content | Thought Leadership | Technology News

TSA’s Cyber Disclosure Mandate Sparks Tension with Natural Gas Sector

Push back or push forward.
TNCR Staff

The Transportation Security Administration’s (TSA) new cybersecurity rules, designed to replace post-Colonial Pipeline directives, are facing resistance from the natural gas industry.

Pipeline operators are particularly alarmed by provisions requiring detailed disclosures of their cybersecurity measures. At a recent congressional hearing, industry executives voiced concerns about whether the TSA, or any government agency, could securely handle such sensitive information.

This skepticism, encapsulated in remarks by Kimberly Denbow of the American Gas Association, underscores broader tensions between industry stakeholders and regulatory authorities.


“If we’re going to give all of this to TSA for them to hold on to, we might
as well just give it to China or to Russia.”

Kimberly Denbow – American Gas Association

As public comments on the proposal remain open until February 5, 2025, the challenge for policymakers is balancing effective cybersecurity with protecting proprietary industry data.

Why It Matters: For CIOs and technology leaders, the TSA’s proposed cybersecurity rules spotlight the growing demand for robust cyber risk management and compliance frameworks in critical infrastructure sectors. These rules challenge organizations to safeguard their operational systems while balancing the risk of exposing sensitive data through regulatory disclosures. Understanding and navigating these evolving mandates is crucial for technology leaders to ensure both compliance and security, especially as cyber threats against critical industries continue to escalate.

  • Post-Colonial Pipeline Legacy: The TSA’s proposed cybersecurity regulations are a response to vulnerabilities exposed by the 2021 Colonial Pipeline ransomware attack, which disrupted fuel supplies across the U.S. and highlighted weaknesses in critical infrastructure cybersecurity. These rules seek to formalize temporary directives issued after the incident, emphasizing the need for proactive risk management and consistent defense mechanisms to protect vital sectors like energy and transportation.
  • Data Privacy Concerns Among Operators: One of the most contentious aspects of the proposed rules is the requirement for operators to disclose extensive details about their cybersecurity programs. Natural gas companie fear that sharing this information with the TSA or other agencies could expose proprietary systems and sensitive operational details, increasing the risk of leaks or cyberattacks. This distrust in the government’s ability to safeguard such information underscores broader tensions between regulators and the private sector.
  • Industry Distrust Amplified by Geopolitical Risks: During a congressional hearing, concerns were raised about potential geopolitical consequences, likening the disclosure requirements to inadvertently handing critical security data to adversarial nations like China or Russia. This sentiment reflects caution that centralized data collection could create a single point of vulnerability, potentially exploited by foreign adversaries or malicious actors targeting U.S. infrastructure.
  • Balancing Compliance and Practicality: While the TSA aims to implement performance-based cybersecurity programs, industry leaders emphasize the need for regulations to be both achievable and sustainable. Unrealistic compliance expectations could strain operational budgets and divert resources away from innovative cyber defense measures, ultimately diminishing the overall effectiveness of the regulations.
  • Open Dialogue and Regulatory Feedback: With public comments open until February 5, 2025, there is a critical opportunity for stakeholders to shape the final version of the rules. Rep. Carlos Gimenez has advocated for private discussions between regulators and industry operators, free from TSA oversight, to gather unfiltered feedback. This collaborative approach could bridge gaps between regulatory intent and operational realities, fostering trust and better outcomes.

Go Deeper -> TSA Cyber Disclosure Requirements Worry Natural Gas Companies – WSJ

New TSA cyber rules leave lawmakers, industry hopeful for happy medium regulations – NEXTGOV

☀️ Subscribe to the Early Morning Byte! Begin your day informed, engaged, and ready to lead with the latest in technology news and thought leadership.

☀️ Your latest edition of the Early Morning Byte is here! Kickstart your day informed, engaged, and ready to lead with the latest in technology news and thought leadership.

ADVERTISEMENT

×
You have free article(s) left this month courtesy of CIO Partners.

Enter your username and password to access premium features.

Don’t have an account? Join the community.

Would You Like To Save Articles?

Enter your username and password to access premium features.

Don’t have an account? Join the community.

Thanks for subscribing!

We’re excited to have you on board. Stay tuned for the latest technology news delivered straight to your inbox.

Save My Spot For TNCR LIVE!

Thursday April 18th

9 AM Pacific / 11 PM Central / 12 PM Eastern

Register for Unlimited Access

Already a member?

Digital Monthly

$12.00/ month

Billed Monthly

Digital Annual

$10.00/ month

Billed Annually

Would You Like To Save Books?

Enter your username and password to access premium features.

Don’t have an account? Join the community.

Log In To Access Premium Features

Sign Up For A Free Account

Please enable JavaScript in your browser to complete this form.
Name
Newsletters