Request for Revision: Cybersecurity Measures for Surface Modes
AI-generated summary for informational purposes only. Not legal advice. See the original source for the authoritative text.
The TSA is seeking input on revised cybersecurity requirements for surface transportation. These revisions impact owner/operators of higher risk railroads and transit systems, requiring them to submit detailed cybersecurity plans, report incidents promptly, and designate cybersecurity coordinators with enhanced background checks.
AI-generated summary. May contain errors. Refer to official sources for legal decisions.
Key Changes
- Introduction of detailed cybersecurity implementation and assessment plans
- New requirement for designating cybersecurity coordinators with enhanced security clearances
- Mandatory prompt reporting of cybersecurity incidents
Obligations
What this law requires
Owner/Operators must submit a Cybersecurity Implementation Plan to TSA for approval that outlines how they will meet the required security outcomes.
Operators of higher-risk transportation systems must submit a Cybersecurity Implementation Plan to TSA for approval that identifies how they will meet the required security outcomes.
Operators must submit a Cybersecurity Assessment Plan that describes how they will assess the effectiveness of their cybersecurity measures and provide an annual report of the previous year's assessments.
Owner/Operators must submit a Cybersecurity Assessment Plan that describes how they will assess the effectiveness of their cybersecurity measures and provide an annual report on results.
Owner/Operators must provide contact information for a primary Cybersecurity Coordinator and at least one alternate to the TSA.