top of page
Writer's pictureJohn Jordan

TSA Proposes New Cybersecurity Requirements for Transportation Systems

The Transportation Security Administration (TSA) has announced a significant proposal aimed at enhancing cybersecurity across the nation’s transportation systems. This new rule, which is open for public comment until February 5, 2025, targets specific freight and passenger railroads, as well as bus and pipeline operations, to bolster defenses against cyber threats.

Transportation Security Administration | BetterWorld Technology

Key Takeaways

  • The proposed rule affects approximately 73 freight railroads and 34 passenger rail systems in the U.S.

  • It mandates annual cybersecurity evaluations and the development of comprehensive cybersecurity plans.

  • Stakeholders are encouraged to provide feedback on the proposed regulations by February 2025.

Overview of the Proposed Rule

The TSA's Notice of Proposed Rulemaking outlines new cybersecurity requirements that will apply to certain high-risk transportation operators. This initiative is part of a broader effort to secure critical infrastructure following increasing cyber threats, including the notable Colonial Pipeline ransomware attack in 2021.

The proposed regulations will require affected operators to:

  1. Establish and maintain a comprehensive Cyber Risk Management (CRM) program.

  2. Conduct annual cybersecurity evaluations to assess vulnerabilities and improve defenses.

  3. Report significant cybersecurity incidents to the Cybersecurity and Infrastructure Security Agency (CISA) within 24 hours of detection.

Impact on Transportation Operators

The TSA estimates that nearly 300 transportation operators will be impacted by these new requirements. This includes:

  • Freight Railroads: 73 out of approximately 620

  • Passenger Rail Systems: 34 out of 92

  • Bus Operators: 71 over-the-road bus owners and operators

  • Pipeline Facilities: 115 regulated by the Pipeline and Hazardous Materials Safety Administration

Goals of the New Regulations

The primary objectives of the proposed cybersecurity requirements include:

  • Enhancing the resilience of the nation’s transportation infrastructure against cyber threats.

  • Establishing a standardized approach to cybersecurity across various transportation sectors.

  • Encouraging collaboration between the TSA and industry stakeholders to develop effective cybersecurity strategies.

Requirements for Compliance

Under the proposed rule, affected operators will need to:

  • Develop a Cybersecurity Implementation Plan (CIP) that identifies responsible personnel and critical systems.

  • Create a Cybersecurity Assessment Plan (CAP) that includes a schedule for regular assessments and reporting of vulnerabilities.

  • Implement measures for incident response and recovery to ensure swift action in the event of a cyber incident.

Public Feedback and Next Steps

The TSA is actively seeking input from industry stakeholders and the public regarding the proposed regulations. Comments can be submitted until February 5, 2025, and are encouraged to address potential economic, environmental, and operational impacts of the new requirements.

This initiative reflects the TSA's commitment to strengthening cybersecurity across the transportation sector, ensuring that operators are better prepared to manage and mitigate cyber risks. As the landscape of cyber threats continues to evolve, these regulations aim to provide a robust framework for protecting critical infrastructure and maintaining public safety.

With cyber threats becoming more complex, safeguarding your business is more critical than ever. At BetterWorld Technology, we're constantly evolving to stay ahead of these risks, providing the expertise your company needs. Don’t wait until it's too late—book a consultation with BetterWorld Technology today, and let us help you fortify your cybersecurity defenses.

Sources

  • TSA proposes new cybersecurity requirements for some railroads, other transportation systems - Trains, Trains Magazine.

  • TSA proposes new cybersecurity rule for surface transportation, seeks public feedback - Industrial Cyber, Industrial Cyber.

  • TSA proposes cybersecurity requirements for pipelines, railroad operators, Federal News Network.

  • New Cybersecurity Requirements for Some Railroads Announced by TSA - Railway Supply, Railway Supply.

13 views
bottom of page