This week the Congressional Research Service (CRS) published a brief report on the TSA’s pipeline cybersecurity directives. It provides a summary of the two cybersecurity directives and the changes that TSA has made to those directives. The three-page report concludes with the summary of issues for congressional consideration:
“Issues may arise regarding
harmonization between TSA’s requirements for cyber incident and ransomware
reporting and future reporting regulations to be promulgated by CISA as
required by the Cyber Incident Reporting for Critical Infrastructure Act of
2022, enacted as part of the Consolidated Appropriations Act, 2022 (P.L.
117-103). Some in industry also have been critical of TSA issuing Security
Directives under emergency authority rather than promulgating cybersecurity
regulations through a traditional rulemaking process with more opportunity for
industry input. Some industry analysts have questioned whether TSA has
sufficient staff with enough cybersecurity and regulatory expertise to
effectively administer its pipeline cybersecurity program. The quality,
quantity, and timeliness of cybersecurity risk information originating with the
government and being shared with the private sector also continues to be an
area of focus. Congress also may choose to consider how TSA’s ongoing pipeline
cybersecurity oversight will fit together with the nation’s overall strategy to
protect critical infrastructure from cybersecurity threats.”
Posts
No comments:
Post a Comment