An advance notice of proposed rulemaking from the Transportation Security Administration (TSA) aims to formalize and build on cybersecurity requirements for the pipeline and rail sectors that were implemented through emergency directives, and includes a series of questions intended to deepen its understanding of industry risk management practices.

I generally think that it is a good sign that TSA seems to be moving past the emergency directives toward a longer term set of solutions and am glad that they have provided a good window for industry comments. The agency clearly has learned lessons via the development of security directives in these industries — particularly the pipeline ones — and this process should lead to better rules based on that experience.
BOB KOLASKY
SVP, Critical Infrastructure, Exiger Government Solutions
Read full article on Inside Cybersecurity here: