View Rule

View EO 12866 Meetings Printer-Friendly Version     Download RIN Data in XML

DHS/TSA RIN: 1652-AA74 Publication ID: Fall 2021 
Title: ●Surface Transportation Cybersecurity Measures  

On July 28, 2021, the President issued the National Security Memorandum on Improving Cybersecurity for Critical Infrastructure Control Systems.  Consistent with this priority of the Administration and in response to the ongoing cybersecurity threat to pipeline systems, TSA used its authority under 49 U.S.C. 114 to issue security directives to owners and operators of TSA-designated critical pipelines that transport hazardous liquids and natural gas to implement a number of urgently needed protections against cyber intrusions.  The first directive, issued in May 2021, requires critical owner/operators to (1) Report confirmed and potential cybersecurity incidents to the Cybersecurity and Infrastructure Agency (CISA); (2) designate a Cybersecurity Coordinator to be available 24 hours a day, seven days a week; (3) review current cybersecurity practices; and (4) identify any gaps and related remediation measures to address cyber-related risks and report the results to TSA and CISA within 30 days of issuance of the SD.  A second security directive issued in July requires these owners and operators to (1) Implement specific mitigation measures to protect against ransomware attacks and other known threats to information technology and operational technology systems; (2) develop and implement a cybersecurity contingency and recovery plan; and (3) conduct a cybersecurity architecture design review. TSA is committed to enhancing and sustaining cybersecurity and intends to issue a rulemaking that will codify certain requirements with respect to pipeline and certain other surface modes.

Agency: Department of Homeland Security(DHS)  Priority: Other Significant 
RIN Status: First time published in the Unified Agenda Agenda Stage of Rulemaking: Long-Term Actions 
Major: Undetermined  Unfunded Mandates: Undetermined 
CFR Citation: 49 CFR 1570   
Legal Authority: 49 U.S.C. 114   
Legal Deadline:  None

Statement of Need:

This rulemaking is necessary to address the ongoing cybersecurity threat to U.S. transportation modes.

Anticipated Costs and Benefits:

TSA is in the process of determining the costs and benefits of this rulemaking.

Action Date FR Cite
NPRM  To Be Determined 
Regulatory Flexibility Analysis Required: Undetermined  Government Levels Affected: Undetermined 
Federalism: Undetermined 
Included in the Regulatory Plan: Yes 
RIN Data Printed in the FR: No 
Agency Contact:
Scott Gorton
Executive Director, Surface Policy Division
Department of Homeland Security
Transportation Security Administration
Policy, Plans, and Engagement, 6595 Springfield Center Drive,
Springfield, VA 20598-6002
Phone:571 227-1251