TSA Announces Proposed Rule Requiring Establishment of Pipeline, Railroad Cyber Risk Management Programs -- Security Today

TSA Announces Proposed Rule Requiring Establishment of Pipeline, Railroad Cyber Risk Management Programs

Nov 12, 2024

The Transportation Security Administration (TSA) published a Notice of Proposed Rulemaking that proposes to mandate cyber risk management and reporting requirements for certain surface transportation owners and operators.

“TSA has collaborated closely with its industry partners to increase the cybersecurity resilience of the nation’s critical transportation infrastructure,” said TSA Administrator David Pekoske. “The requirements in the proposed rule seek to build on this collaborative effort and further strengthen the cybersecurity posture of surface transportation stakeholders. We look forward to industry and public input on this proposed regulation.”

This rule proposes to continue TSA’s commitment to performance-based requirements. Building on the performance-based cybersecurity requirements TSA previously issued via annual Security Directives since 2021, the proposed rule leverages the cybersecurity framework developed by the National Institute of Standards and Technology and the cross-sector cybersecurity performance goals developed by the Cybersecurity and Infrastructure Security Agency (CISA).

Consistent with these requirements and standards, this rule proposes:

To require that certain pipeline, freight railroad, passenger railroad and rail transit owner/operators with higher cybersecurity risk profiles establish and maintain a comprehensive cyber risk management program;
To require these owner/operators, and higher-risk bus-only public transportation and over-the-road bus owner/operators, currently required to report significant physical security concerns to TSA to report cybersecurity incidents to CISA; and
To extend to higher-risk pipeline owner/operators TSA’s current requirements for rail and higher-risk bus operations to designate a physical security coordinator and report significant physical security concerns to TSA.

TSA asserts that maintaining an effective cybersecurity posture is critically important to ensuring that the surface transportation sector is prepared for, and able to manage, cyber risks. The requirements contained in this proposed rule would strengthen cybersecurity resilience across the surface transportation systems sector.

Featured

Cutting Retail Losses

Retail is still a more complex and dynamic security vertical in modern society. Inherent challenges with in-store and distribution center operations are primarily due to constantly shifting consumer buying trends. Retailers must show daily flexibility to keep workers, meet sales goals and attract customers while maintaining safe and efficient operations. Retail is an intricate web of interconnected elements. Read Now
- Retail Loss Prevention
The Key to Wellbeing in the Office

A few years ago, all we saw in the news was the ‘great resignation.’ Now we have another ‘great’ to deal with. According to CBRE, 2023 was the start of the ‘great return’ as office workers returned to their normal offices after working from home. The data shows that two-thirds of all U.S office buildings were more than 90% leased as of Q2 2023. Read Now
- Access Control
Failed Cybersecurity Controls Costing U.S. Businesses $30 Billion Yearly

Panaseer recently released ControlWatch and the Continuous Controls Battle: Panaseer 2025 Security Leaders Report examining the cost of cybersecurity control failures and the impact of growing personal liability for security failings on security leaders. The report analyzes the findings of a survey of 400 security decision makers (SDMs) across the US and UK. It shows that security leaders feel under increasing pressure to provide assurances around cybersecurity, exposing them to greater personal risk – yet many lack the data and resources to accurately report and close cybersecurity gaps. Read Now
- Cybersecurity
The Business Case for Video Analytics: Understanding the Real ROI

For security professionals who may be hesitant to invest in video analytics, now's the time to reconsider. In a newly released Omdia report commissioned by BriefCam (now Milestone Systems), the research firm uncovered a compelling story: more than 85% of North American and European organizations that use video analytics achieve a return on investment within just one year. The study, which surveyed 140 end users across multiple industries, demonstrates that security technology is no longer just for security — it's a cross-organizational tool that delivers measurable business value far beyond traditional safety applications. Read Now
- Video Surveillance

Webinars

Hanwha Vision (formerly Hanwha Techwin)

Getting Control of your Access
Hanwha Vision (formerly Hanwha Techwin), Eagle Eye Networks Inc, Salient Systems, Safety Technology International Inc., AtlasIED, Omnilert, Paxton Access Inc., Napco Access Pro, Hirsch, CENTEGIX

Lessons Learned from an Active Shooter Crisis
Push-to-Talk over Cellular – The NEXT Revolution

Whitepapers

911Cellular

A Buyer's Guide to Panic Button Systems
Allegion

The Current State of School Security
Hytera US Inc.

Push-to-Talk Over Cellular

New Products

Camden CV-7600 High Security Card Readers

Camden Door Controls has relaunched its CV-7600 card readers in response to growing market demand for a more secure alternative to standard proximity credentials that can be easily cloned. CV-7600 readers support MIFARE DESFire EV1 & EV2 encryption technology credentials, making them virtually clone-proof and highly secure. 3
ResponderLink

Shooter Detection Systems (SDS), an Alarm.com company and a global leader in gunshot detection solutions, has introduced ResponderLink, a groundbreaking new 911 notification service for gunshot events. ResponderLink completes the circle from detection to 911 notification to first responder awareness, giving law enforcement enhanced situational intelligence they urgently need to save lives. Integrating SDS’s proven gunshot detection system with Noonlight’s SendPolice platform, ResponderLink is the first solution to automatically deliver real-time gunshot detection data to 911 call centers and first responders. When shots are detected, the 911 dispatching center, also known as the Public Safety Answering Point or PSAP, is contacted based on the gunfire location, enabling faster initiation of life-saving emergency protocols. 3
A8V MIND

Hexagon’s Geosystems presents a portable version of its Accur8vision detection system. A rugged all-in-one solution, the A8V MIND (Mobile Intrusion Detection) is designed to provide flexible protection of critical outdoor infrastructure and objects. Hexagon’s Accur8vision is a volumetric detection system that employs LiDAR technology to safeguard entire areas. Whenever it detects movement in a specified zone, it automatically differentiates a threat from a nonthreat, and immediately notifies security staff if necessary. Person detection is carried out within a radius of 80 meters from this device. Connected remotely via a portable computer device, it enables remote surveillance and does not depend on security staff patrolling the area. 3

TSA Announces Proposed Rule Requiring Establishment of Pipeline, Railroad Cyber Risk Management Programs

TSA Announces Proposed Rule Requiring Establishment of Pipeline, Railroad Cyber Risk Management Programs

Milestone Systems Enhances Cloud Connectivity and the Care Plus Experience with the Latest XProtect Release

TMA Awards Four Mel Mahler Awards for Outstanding Contributions

Wavelynx Expands into Middle East and North Africa with New Office in Dubai

Securitas Technology Partners with K9s United to Support Law Enforcement Canines

Everon Receives 2024 HIRE Vets Gold Medallion Award From U.S. Department of Labor

Hanwha Vision Unveils New Multi-sensor SolidEDGE Camera Powered by NVIDIA Jetson Platform