Skip main navigation (Press Enter).
Log in
Toggle navigation
Who We Are
About
Membership
National Sponsors
Press Releases
Contact Us
What We Do
Events
Upcoming APGA Events
Natural Gas Utility Workers' Day
Public Natural Gas Week
APGA RF/GTI Energy Research Forum
Upcoming Committee Meetings
Virtual Events
Gas Events Calendar
Resources
Advocacy
Association Materials
Gas Career Openings
Natural Gas & Public Gas Utility Information
Operations & Safety Resources
PHMSA Pipeline Modernization Grants
Publications
Tools & Toolkits
Videos
Programs
APGA Awards
APGA Public Gas Policy Council
APGA Goal Tool
APGA SOAR Program
Mutual Aid Program
Plastic Pipe Data Collection (PPDC)
APGA Research Foundation (RF)
APGA Security & Integrity Foundation (SIF)
Log in
Terms & Conditions
Contact Us
Regulatory Submissions
×
Back to Library
Joint Comments on TSA NPRM "Enhancing Surface Cyber Risk Management" (Feb 5 2025)
Helpful
02-06-2025 12:01 PM
Joshua St.Pierre
This week, APGA joined six other trade groups in submitting comments on the Transportation Security Administration’s (TSA) Notice of Proposed Rulemaking (NPRM) titled “Enhancing Surface Cyber Risk Management.” Read the comments,
here
. According to TSA, this rulemaking will,
“…propos[e] to impose cyber risk management (CRM) requirements on certain pipeline and rail owner/operators and a more limited requirement, on certain over-the-road bus (OTRB) owner/operators, to report cybersecurity incidents. With the proposed addition of requirements applicable to pipeline facilities and systems, TSA is also proposing that a requirement to have a Physical Security Coordinator and report significant physical security concerns be extended to the same facilities and systems.”
Generally, the NPRM lays out a regulatory framework similar to the requirements that had been laid out in the TSA’s recent
Security Directives (SD)
, with some additional requirements. While most APGA members are not impacted by the SDs, and likely won’t be impacted by this NPRM, the rule could increase the number of APGA utilities required to abide by the mandates.
The APGA Security Subcommittee conducted an ad-hoc meeting to discuss APGA members’ concerns with the rulemaking and open dialogue about potential impacts. Feedback from this meeting was incorporated into the joint industry comments.
The joint comments focused on key suggestions from the pipeline industry including:
• TSA should limit the scope of this rulemaking to only those operator-designated Critical Cyber Systems.
• TSA should avoid prescriptive management of owners/operators’ personnel decisions.
• TSA should re-evaluate the expanse of compliance obligations for covered owner/operators.
• TSA should clearly articulate the transition from SDs to regulation.
• TSA should not take possession of owners/operators’ sensitive security information.
• TSA is encouraged to be appropriately resourced to address the threat and risk posed to pipeline systems.
Updates will be given to members of APGA’s Security Subcommittee as they become available.
Statistics
0 Favorited
8 Views
1 Files
0 Shares
2 Downloads
Attachment(s)
2025-0204_TSA Cyber NPRM Pipeline Trades.pdf
144 KB
1 version
Uploaded - 02-06-2025
Download
Download Document
Please accept the terms of the copyright associated with this attachment before downloading it. Click the link below to read the terms.
Accept
Related Entries and Links
No Related Resource entered.
Copyright 2026 American Public Gas Association. All rights reserved.
Powered by Higher Logic