Saturday, September 10, 2022

CRS Reports – TSA Pipeline Cybersecurity Directives

This week the Congressional Research Service (CRS) published a brief report on the TSA’s pipeline cybersecurity directives. It provides a summary of the two cybersecurity directives and the changes that TSA has made to those directives. The three-page report concludes with the summary of issues for congressional consideration:

“Issues may arise regarding harmonization between TSA’s requirements for cyber incident and ransomware reporting and future reporting regulations to be promulgated by CISA as required by the Cyber Incident Reporting for Critical Infrastructure Act of 2022, enacted as part of the Consolidated Appropriations Act, 2022 (P.L. 117-103). Some in industry also have been critical of TSA issuing Security Directives under emergency authority rather than promulgating cybersecurity regulations through a traditional rulemaking process with more opportunity for industry input. Some industry analysts have questioned whether TSA has sufficient staff with enough cybersecurity and regulatory expertise to effectively administer its pipeline cybersecurity program. The quality, quantity, and timeliness of cybersecurity risk information originating with the government and being shared with the private sector also continues to be an area of focus. Congress also may choose to consider how TSA’s ongoing pipeline cybersecurity oversight will fit together with the nation’s overall strategy to protect critical infrastructure from cybersecurity threats.”

No comments:

/* Use this with templates/template-twocol.html */