Enhancing Surface Cyber Risk Management

Document Headings Document headings vary by document type but may contain the following: the agency or agencies that issued and signed a document the number of the CFR title and the number of each part the document amends, proposes to amend, or is directly related to the agency docket number / agency internal file number the RIN which identifies each regulatory action listed in the Unified Agenda of Federal Regulatory and Deregulatory Actions See the Document Drafting Handbook for more details. Department of Homeland Security Transportation Security Administration 49 CFR Parts 1500, 1503, 1520, 1570, 1580, 1582, 1584, and 1586 [Docket No. TSA-2022-0001] RIN 1652-AA74 ( printed page 88488) AGENCY: Transportation Security Administration, DHS. ACTION: Notice of proposed rulemaking (NPRM). SUMMARY: The Transportation Security Administration (TSA) is proposing to impose cyber risk management (CRM) requirements on certain pipeline and rail owner/operators and a more limited requirement, on certain over-the-road bus (OTRB) owner/operators, to report cybersecurity incidents. With the proposed addition of requirements applicable to pipeline facilities and systems, TSA is also proposing that a requirement to have a Physical Security Coordinator and report significant physical security concerns be extended to the same facilities and systems. Finally, TSA is proposing clarifications and reorganization of other regulatory requirements necessitated by these changes. DATES: Submit comments by February 5, 2025. ADDRESSES: Comments on this NPRM: You may submit comments on this NPRM, identified by the TSA docket number to this rulemaking, to the Federal Docket Management System (FDMS), a government-wide, electronic docket management system. To avoid duplication, please use only one of the following methods: Electronic Federal eRulemaking Portal: https://www.regulations.gov . Follow the online instructions for submitting comments. Mail: Docket Management Facility (M-30), U.S. Departme…