Pekoske: TSA working on rulemaking to codify critical cybersecurity requirements for pipeline, rail carriers

David P. Pekoske, a representative of the Transportation Security Administration (TSA), testified before the House Homeland Security Subcommittee on Transportation and Maritime Security last week that the agency is working on a rulemaking to permanently codify crucial cybersecurity requirements for pipeline and rail transportation. The hearing comes in a hearing on the U.S. administration’s TSA Fiscal Year 2024 Budget request. 

TSA administrator Pekoske wrote in his testimony that “TSA established the first performance-based, outcome-focused cybersecurity-related Security Directives and Security Program Amendments that require mandatory incident reporting and the adoption of mitigation measures to the most critical owners and operators of transportation infrastructure in pipelines, rail, and aviation.”  

Pekoske also said in the years since 9/11, and specifically over the past fiscal year, “TSA has not only had to address ever-present physical threats to aviation but also dynamic and emerging cybersecurity threats to our nation’s aviation, rail, as well as hazardous liquid and natural gas pipeline infrastructure.”

He added that the agency is committed to enhancing and sustaining the industry’s resilience to cybersecurity attacks. “TSA published Information Circulars to Transportation Systems Sector stakeholders with recommended actions to reduce vulnerabilities associated with cybersecurity-related threats.”

Pekoske outlined that securing and safeguarding the nation’s transportation system requires ‘innovative’ solutions to address cybersecurity threats and risks associated with the continued integration of advanced electronic and networked systems. “The FY 2024 President’s Budget includes an increase of $10.4M for cybersecurity staffing, as well as the development and implementation of enhanced cybersecurity-related measures to improve cyber resiliency across the U.S. Transportation Systems Sector,” he added. 

Across the transportation sector, TSA continues to help partners build cyber resilience and improve incident response, focusing on the pipeline, rail, and aviation sub-sectors, according to Pekoske. “With those stakeholders, TSA hosts a variety of planning meetings, intelligence briefings, and tabletop exercises to ensure partners are aware and prepared to respond to emerging issues.”

Pekoske said that he has “personally visited pipelines and other critical infrastructure operators to discuss the evolving cybersecurity threat, and to understand the challenges and successes of implementing the current security directives and program amendments.”

He added that TSA works closely with the transportation industry to provide agile and responsive security across all modes of transportation through passenger and cargo screening, vetting and credentialing personnel in critical transportation sectors, law enforcement, regulatory compliance, and international cooperation.

In his opening remarks at the hearing, House Homeland Security Subcommittee on Transportation and Maritime Security Chairman Carlos Gimenez, a Republican from Florida, said that “the more than 60,000 men and women of today’s TSA play a crucial role in keeping our country safe and secure. It is the responsibility of Congress to ensure that TSA and its workforce have the necessary resources to address various challenges and threats and keep Americans safe.”

With that said TSA’s 2024 budget request includes $1.1 billion for pay increases for the TSA workforce, according to Gimenez. “While I am supportive of the TSA workforce, many Members of our committee would prefer to take a targeted approach with potential pay increases. A targeted approach would ensure that only frontline TSA personnel are getting a pay increase. Instead, TSA is proposing a pay increase across the board, including for already highly-paid senior personnel at TSA headquarters,” he added.

Last month, Gimenez pointed out that the House Appropriations Subcommittee on Homeland Security held a markup for Fiscal Year 2024 Homeland Security bill. “Included in that bill is a targeted pay increase for Transportation Security Officers and a total of 5.9 billion for the frontline screening workforce. This is an $856 million dollar increase above Fiscal Year 2023 to fund pay increases for TSOs, which I support. I want to emphasize the funding constraints, including TSA’s topline pay equity requests, have led to continued delays and investing in new, more effective security technology given the current fiscally constrained environment,” he added.

“TSA’s Fiscal Year 2024 budget request diverts funding from key areas, such as much-needed investments in security technology. Investments in security technology such as computer tomography and Credential Authentication Technology, CAT, must remain a top priority as a cost-effective, proven solution to decrease risk to the transportation system,” Gimenez said. “We must also ensure that TSA is being proactive in shortening the time it takes to develop and pilot new technologies and deploying them in the field.”

Gimenez said that the TSA’s Fiscal Year 2024 budget request includes only $70 million to procure additional CT systems. “This is significantly less than the amount that was appropriated in Fiscal Year 2023. Under TSA’s Fiscal Year 2024 request, and based on past, present, and current projected funding, TSA will not meet full operational capability for CT machines until Fiscal Year 2042. It goes without saying that’s a little bit slow,” he added. 

Fortunately, the House Appropriations Fiscal Year 2024 Homeland Security bill includes $105.4 million for CT systems, which makes up to a $30 million shortfall from TSA’s budget requests, Gimenez added.

Last week, the House Homeland Security Subcommittee on Cybersecurity and Infrastructure Protection held a hearing that identified that a robust cybersecurity workforce is needed to mitigate risk across federal networks and critical infrastructure. Chairman Andrew Garbarino, a Republican from New York, outlined that over the last several months, the Subcommittee has taken a broad look at the Cybersecurity and Infrastructure Security Agency (CISA) development since 2018 and its increasingly important role in mitigating risk across federal networks and critical infrastructure.

Anna Ribeiro

Industrial Cyber News Editor. Anna Ribeiro is a freelance journalist with over 14 years of experience in the areas of security, data storage, virtualization and IoT.