Saturday, February 17, 2024

TSA Sends Surface Cyber Risk Management NPRM to OMB

Yesterday, the OMB’s Office of Information and Regulatory Affairs (OIRA) announced that it had received a notice of proposed rulemaking from the TSA on “Enhancing Surface Cyber Risk Management”. The advanced notice of proposed rulemaking for this rule was published [removed from paywall] on November 30th, 2022.

The Fall 2023 Unified Agenda entry for this rulemaking notes:

“On July 28, 2021, the President issued the National Security Memorandum on Improving Cybersecurity for Critical Infrastructure Control Systems.  In response to the ongoing threat to pipeline systems, TSA used its authority under 49 U.S.C. 114 to issue emergency security directives to owners and operators of TSA-designated critical pipelines that transport hazardous liquids and natural gas to implement a number of urgently needed protections against cyber intrusions.  TSA also issued security directives in the freight, passenger, and transit-rail sectors under the same statutory authority.  TSA is committed to enhancing and sustaining industry’s resilience to cybersecurity attacks.  TSA intends to issue a rulemaking that will permanently codify critical cybersecurity requirements for pipeline and rail modes.  Through this rulemaking, TSA will also address certain requirements in the Implementing Recommendations of the 9/11 Commission Act of 2007 related to information and operational technology systems. TSA is committed to enhancing and sustaining cybersecurity for all modes of transportation and intends to issue a rulemaking that may codify these and other requirements following an opportunity for notice and comment.  In addition to holding numerous technical roundtables with the industry regarding cybersecurity requirements, TSA also solicited public input in the development of this rulemaking through publication of an advance notice of proposed rulemaking in November 2022.”

No comments:

/* Use this with templates/template-twocol.html */