Cybersecurity and Infrastructure Security Agency

TSA Renews Rail Security Directives

The Transportation Security Administration (TSA) on Oct. 23 reported renewing and updating three security directives on passenger and freight railroad cybersecurity.

"TSA should clearly articulate any problem with cyber risk it believes exists prior to resorting to regulation," AAR and ASLRRA wrote to the agency on Feb. 1.

AAR, ASLRRA to TSA: CRM Regulations ‘Not Necessary’

The Association of American Railroads (AAR) and the American Short Line and Regional Railroad Association (ASLRRA) “believe regulation is not required, particularly considering the extensive efforts of the industry to mitigate risk, and the ongoing implementation of Security Directives (SDs) by industry,” the two associations wrote to the Transportation Security Administration (TSA) on Feb. 1 as part of their submitted comments concerning the agency’s advance notice of proposed rulemaking (ANPRM) focused on cyber risk management (CRM) in the pipeline and rail sectors.