TSA issues proposed rule to establish cyber risk management requirements for pipeline, railroad sectors

The Transportation Security Administration has released a long-awaited notice of proposed rulemaking directing owners and operators in the pipeline and railroad sectors to set up cyber risk management programs with specific requirements, as part of an effort to build on security directives issued in the wake of the 2021 Colonial Pipeline incident.

“The Transportation Security Administration (TSA) is proposing to impose cyber risk management (CRM) requirements on certain pipeline and rail owner/operators and a more limited requirement, on certain over-the-road...