Yesterday, the OMB’s Office of Information and Regulatory Affairs (OIRA) announced that it had received a notice of proposed rulemaking from the TSA on “Enhancing Surface Cyber Risk Management”. The advanced notice of proposed rulemaking for this rule was published [removed from paywall] on November 30th, 2022.
The Fall 2023 Unified Agenda entry for this rulemaking notes:
“On July 28, 2021, the President
issued the National Security Memorandum on Improving Cybersecurity for Critical
Infrastructure Control Systems. In
response to the ongoing threat to pipeline systems, TSA used its authority
under 49 U.S.C. 114 to issue emergency security directives to owners and
operators of TSA-designated critical pipelines that transport hazardous liquids
and natural gas to implement a number of urgently needed protections against
cyber intrusions. TSA also issued
security directives in the freight, passenger, and transit-rail sectors under
the same statutory authority. TSA is
committed to enhancing and sustaining industry’s resilience to cybersecurity
attacks. TSA intends to issue a
rulemaking that will permanently codify critical cybersecurity requirements for
pipeline and rail modes. Through this
rulemaking, TSA will also address certain requirements in the Implementing
Recommendations of the 9/11 Commission Act of 2007 related to information and
operational technology systems. TSA is committed to enhancing and sustaining
cybersecurity for all modes of transportation and intends to issue a rulemaking
that may codify these and other requirements following an opportunity for
notice and comment. In addition to
holding numerous technical roundtables with the industry regarding
cybersecurity requirements, TSA also solicited public input in the development
of this rulemaking through publication of an advance notice of proposed
rulemaking in November 2022.”
Posts
No comments:
Post a Comment