Wednesday, December 1, 2021

Review - OMB Approves TSA Cybersecurity ICR for Surface Transportation

Yesterday the OMB’s Office of Information and Regulatory Affairs (OIRA) announced that it had issued an emergency approval for an information collection request from the TSA for “Cybersecurity Measures for Surface Modes” (1652-0074). According to the abstract for the new ICR: “TSA intends to publish Security Directives (SD), which will be mandatory, and Information Circular (IC), which will be non-mandatory recommendations, to various surface transportation mode operators to address the ongoing cybersecurity threat using a risk-based approach to transportation security.

The information provided in yesterday’s ICR approval document is sketchy and incomplete at best. TSA is required within the next 90 days to publish a standard 60-day ICR notice in the Federal Register. Given TSA’s history of incomplete and misleading ICR notices, I do not expect to see any useable details in that notice.

I expect that we will see the release of the two security directives either today or tomorrow. With the information provided in this ICR, I expect these will be similar to the first SD issued to pipeline operators and that the information will be made public. We will have to wait and see if TSA plans on issuing a restricted distribution follow-on security directive like they did with the pipeline folks.

For more details about the ICR and the security directives that it supports, see my article at CFSN Detailed Analysis - - subscription required.

No comments:

/* Use this with templates/template-twocol.html */