Wednesday, November 30, 2022

Review - TSA Publishes Surface Transportation Cybersecurity ANPRM

Today the TSA published an advanced notice of proposed rulemaking (ANRM) in the Federal Register (87 FR ) for “Enhancing Surface Cyber Risk Management”. In this rulemaking the TSA “is seeking input regarding ways to strengthen cybersecurity and resiliency in the pipeline and rail (including freight, passenger, and transit rail) sectors.”

ANPRM Questions

TSA has listed a series of specific questions that it is looking for input on from industry and the public in this ANPRM. These questions cover the following topics (number of questions in each topic):

Identifying current baseline of operational resilience and incident response (6),

Identifying how CRM is implemented (6),

Maximizing the ability for owner/operators to meet evolving threats and technologies (25),

Identifying opportunities for third-party experts to support compliance (3),

Cybersecurity maturity considerations (3), and

Incentivizing cybersecurity adoption and compliance (3).

Public Comments Solicited

TSA is soliciting public comments on this ANPRM. Comments may be submitted via the Federal eRulemaking Portal (; Docket # TSA-2022-0001). Comments should be submitted by January 17th, 2023 (I expect that there will be several requests for an extension of this deadline due to the holidays).


For more details on the ANPRM, see my article at CFSN Detailed Analysis - - subscription required.

No comments:

/* Use this with templates/template-twocol.html */