Unknown. Notification of ratification of security directives
4,550 words·~21 min read·
/register/2025/01/21/2025-01422A research copy — for the controlling text, always check the official state or federal source. Not legal advice.
--- schema: federal-register doc_type: fedreg source_file: FR-2025-01-21.xml --- 90 12 Tuesday, January 21, 2025 Contents Agricultural Marketing Agricultural Marketing Service RULES Promotion, Research, and Information Order: Paper and Paper-Based Packaging; Clarifying Changes, 6779-6783 2025-01375 Agriculture Agriculture Department See Agricultural Marketing Service See Forest Service NOTICES Agency Information Collection Activities; Proposals, Submissions, and Approvals, 7071-7076 2025-01286 2025-01325 2025-01357 Antitrust Division Antitrust Division NOTICES Changes under the National Cooperative Research and Production Act:
The National Advanced Mobility Consortium, Inc., 7171-7172 2025-01249 Proposed Settlement Agreement, Stipulation, Order, and Judgment, etc.: United States of America v. XCL Resources Holdings, LLC, Verdun Oil Co. II, LLC, and EP Energy LLC, 7159-7171 2025-01252 Centers Disease Centers for Disease Control and Prevention NOTICES Hearings, Meetings, Proceedings, etc.: Advisory Board on Radiation and Worker Health, National Institute for Occupational Safety and Health, 7140 2025-01318 Children Children and Families Administration NOTICES Agency Information Collection Activities;
Proposals, Submissions, and Approvals: Child Support Annual Data Report and Instructions, 7141 2025-01245 Coast Guard Coast Guard PROPOSED RULES Special Local Regulation and Safety Zone: Coast Guard Sector Eastern Great Lakes, 6903-6910 2025-00693 Commerce Commerce Department See International Trade Administration See National Oceanic and Atmospheric Administration Consumer Product Consumer Product Safety Commission PROPOSED RULES Voluntary Standard for Stationary Activity Centers;
Revision, 6844-6845 2025-01277 Council Environmental Council on Environmental Quality RULES Freedom of Information Act and Privacy Act Regulations, 6828-6839 2025-00960 Drug Drug Enforcement Administration NOTICES Importer, Manufacturer or Bulk Manufacturer of Controlled Substances; Application, Registration, etc.: Groff Health, Inc., 7172-7173 2025-01349 Invizyne Technologies, Inc., 7173-7174 2025-01347 Siegfried USA, LLC, 7173 2025-01350 Education Department Education Department RULES Adjustment of Civil Monetary Penalties for Inflation, 6806-6809 2025-01419 PROPOSED RULES Rehabilitation Long-Term Training Program, 6910-6915 2025-00268 Technical Assistance on State Data Collection:
National Technical Assistance Center to Improve State Capacity to Collect, Report, Analyze, and Use Accurate IDEA Part B and Part C Fiscal Data, 6915-6922 2025-00985 NOTICES Applications for New Awards: Expanding Opportunity through Quality Charter Schools Program-Grants to Charter Management Organizations for the Replication and Expansion of High-Quality Charter Schools, 7119-7131 2025-01379 Expanding Opportunity through Quality Charter Schools Program-Grants to State Entities (State Entity), 7104-7119 2025-01380 Employee Benefits Employee Benefits Security Administration NOTICES Exemption:
Certain Prohibited Transaction Restrictions Involving Northern Trust Corp. (Together with its Current and Future Affiliates), Located in Chicago, IL, 7174-7190 2025-01244 Energy Department Energy Department See Federal Energy Regulatory Commission RULES Energy Conservation Program: Energy Conservation Standards for Commercial Refrigerators, Freezers, and Refrigerator-Freezers, 7464-7648 2024-31214 Standards and Test Procedures for Certain Consumer Products and Commercial Equipment;
Corrections, 6784-6795 2025-00987 Environmental Protection Environmental Protection Agency RULES Air Quality State Implementation Plans; Approvals and Promulgations: California; Coachella Valley; Extreme Attainment Plan for 1997 8-Hour Ozone Standards, 6823-6827 2025-01110 California; Interim Final Determination to Stay or Defer Sanctions in the San Joaquin Valley Unified Air Pollution Control District, 6809-6811 2025-01215 Ohio; Withdrawal of Technical Amendment, 6811-6823 2025-00968 PROPOSED RULES Air Quality State Implementation Plans;
Approvals and Promulgations: California; San Joaquin Valley Unified Air Pollution Control District; Stationary Source Permits, 6928-6932 2025-01220 South Carolina; Minor Source Permit Program Revisions, 6954-6967 2025-00438 West Virginia; Regional Haze State Implementation Plan for the Second Implementation Period, 6932-6954 2025-01101 Clean Water Act Methods Update Rule 22 for the Analysis of Contaminants in Effluent, 6967-7037 2024-29239 Pesticides: Petition Seeking Rulemaking to Modify Labeling Requirements for Pesticides and Devices, 7037-7038 2025-00251 NOTICES Clean Air Act Operating Permit Program:
Petition for Objection to State Operating Permit for Shell Chemical, LP, Harris County, TX, 7136 2025-01352 Final Biofuels and the Environment: Third Triennial Report to Congress, 7135 2025-01385 Proposed Consent Decree: Clean Water Act Claim, 7133-7135 2025-01382 Export Import Export-Import Bank NOTICES Agency Information Collection Activities; Proposals, Submissions, and Approvals: Application for Short-Term Multi-Buyer Export Credit Insurance Policy, 7136 2025-01250 Federal Accounting Federal Accounting Standards Advisory Board NOTICES Hearings, Meetings, Proceedings, etc.:
Appointments Panel, 7136-7137 2025-01321 Federal Aviation Federal Aviation Administration RULES Airspace Designations and Reporting Points: Crosby, ND, 6796 2025-01367 PROPOSED RULES Airworthiness Directives: Airbus SAS Airplanes, 6841-6843 2025-01358 NOTICES Petition for Exemption; Summary: Merlin Labs, Inc., 7231 2025-01276 Federal Communications Federal Communications Commission RULES Resilient Networks; Disruptions to Communications, 6839-6840 2025-00495 NOTICES Agency Information Collection Activities;
Proposals, Submissions, and Approvals, 7137-7139 2025-01387 2025-01388 Federal Energy Federal Energy Regulatory Commission PROPOSED RULES Reliability Standards for Frequency and Voltage Protection Settings and Ride-Through for Inverter-Based Resources, 6845-6852 2025-00263 NOTICES Combined Filings, 7132-7133 2025-01331 2025-01332 Records Governing Off-the-Record Communications, 7131-7132 2025-01334 Federal Highway Federal Highway Administration PROPOSED RULES Asset Management Plans:
Management and Monitoring Systems, 6873-6874 2025-00323 Federal Motor Federal Motor Carrier Safety Administration NOTICES Exemption Application: Qualification of Drivers; Hearing, 7231-7233 2025-01311 Federal Retirement Federal Retirement Thrift Investment Board NOTICES Hearings, Meetings, Proceedings, etc., 7139 2025-01329 Federal Trade Federal Trade Commission PROPOSED RULES Negative Option Rule, 6843-6844 2025-00634 NOTICES Agency Information Collection Activities; Proposals, Submissions, and Approvals, 7139-7140 2025-01302 Federal Transit Federal Transit Administration NOTICES Establishment of Emergency Relief Docket for Calendar Year 2025, 7233-7234 2025-01251 Fish Fish and Wildlife Service PROPOSED RULES Endangered and Threatened Species: 90-Day Findings for 8 Species, 7038-7043 2025-01118 Status for Big Red Sage, 7043-7056 2025-01117 Migratory Bird Hunting:
Proposed 2025-26 Migratory Game Bird Hunting Regulations, 7056-7066 2025-01319 Migratory Bird Subsistence Harvest in Alaska, 7066-7070 2025-00512 NOTICES Environmental Assessments; Availability, etc.: Incidental Take Permit Application for the Quino Checkerspot Butterfly and Western Spadefoot; Draft Habitat Conservation Plan; Alpine Park Project, Community of Alpine, San Diego County, CA, 7152-7153 2025-01341 Permits; Applications, Issuances, etc.: Endangered and Threatened Species, 7150-7154 2025-01342 2025-01344 Incidental Take for the Desert Tortoise;
Draft Habitat Conservation Plan and Draft Environmental Assessment; Overnight Solar Energy Project, San Bernardino County, CA, 7154-7155 2025-01340 Food and Drug Food and Drug Administration RULES New Animal Drugs: Approval of New Animal Drug Applications; Withdrawal of Approval of New Animal Drug Applications; Change of Sponsor; Change of Sponsor Address, 6797-6804 2025-01226 Foreign Assets Foreign Assets Control Office NOTICES Sanctions Action, 7245 2025-01306 Forest Forest Service PROPOSED RULES Subsistence Management Regulations for Public Lands in Alaska: 2026-27 and 2027-28 Subsistence Taking of Wildlife Regulations, 6922-6927 2025-00434 NOTICES Hearings, Meetings, Proceedings, etc.:
Eleven Point Resource Advisory Committee, 7076 2025-01285 Requests for Nominations: Secure Rural Schools Resource Advisory Committees, 7077-7078 2025-01287 Geological Geological Survey NOTICES Agency Information Collection Activities; Proposals, Submissions, and Approvals: Hydrography Addressing Tool, 7155-7156 2025-01241 Health and Human Health and Human Services Department See Centers for Disease Control and Prevention See Children and Families Administration See Food and Drug Administration See Indian Health Service See National Institutes of Health Homeland Homeland Security Department See Coast Guard See U.S.
Customs and Border Protection RULES Ratification of Security Directives, 6777-6779 2025-01422 Indian Health Indian Health Service NOTICES Organization, Functions, and Delegations of Authority: Headquarters, Office of Information Technology and Office of Management Services, 7141-7149 2025-00535 Interior Interior Department See Fish and Wildlife Service See Geological Survey See National Park Service PROPOSED RULES Subsistence Management Regulations for Public Lands in Alaska: 2026-27 and 2027-28 Subsistence Taking of Wildlife Regulations, 6922-6927 2025-00434 Internal Revenue Internal Revenue Service NOTICES Superfund Tax on Chemical Substances:
Modification to List of Taxable Substances; Filing for Cyanuric Acid, 7246-7247 2025-01370 Modification to List of Taxable Substances; Filing for Potassium Bicarbonate, 7245-7246 2025-01372 Modification to List of Taxable Substances; Filing for Potassium Carbonate, 7247 2025-01373 Modification to List of Taxable Substances; Filing for Sodium Chlorite, 7247-7248 2025-01371 International Trade Adm International Trade Administration NOTICES Antidumping or Countervailing Duty Investigations, Orders, or Reviews:
Pure Magnesium from the People's Republic of China, 7078-7080 2025-01304 International Trade Com International Trade Commission NOTICES Investigations; Determinations, Modifications, and Rulings, etc.: Certain Passive Optical Network Equipment, 7158-7159 2025-01307 Certain Photovoltaic Connectors and Components Thereof, 7157-7158 2025-01310 Justice Department Justice Department See Antitrust Division See Drug Enforcement Administration See Justice Programs Office See National Institute of Justice RULES Processes and Procedures for Issuance and Use of Guidance Documents, 6804-6806 2025-01409 PROPOSED RULES Homicide Victims' Families' Rights Act, 6879-6894 2025-01159 Justice Programs Justice Programs Office PROPOSED RULES International Terrorism Victim Expense Reimbursement Program, 6874-6879 2025-00071 Labor Department Labor Department See Employee Benefits Security Administration NOTICES Agency Information Collection Activities;
Proposals, Submissions, and Approvals: Senior Community Service Employment Program Older Workers Study Impact Evaluation, 7190 2025-01254 National Highway National Highway Traffic Safety Administration NOTICES Exemption: Legacy Limousines and Luxury Coaches; Temporary Exemption From Shoulder Belt Requirement for Side-Facing Seats on Motorcoaches, 7234-7238 2025-01299 Motor Vehicle Defect Petition; Denial, 7238-7239 2025-01351 National Institute Justice National Institute of Justice NOTICES Hearings, Meetings, Proceedings, etc.:
Body Armor Manufacturer Workshop, 7174 2025-01247 National Institute National Institutes of Health NOTICES Hearings, Meetings, Proceedings, etc.: National Cancer Institute, 7150 2025-01328 National Human Genome Research Institute, 7150 2025-01327 National Institute of Neurological Disorders and Stroke, 7149-7150 2025-01330 National Oceanic National Oceanic and Atmospheric Administration NOTICES Agency Information Collection Activities; Proposals, Submissions, and Approvals: Office of Marine and Aviation Operations:
Occupational Health, Safety, and Readiness Forms, 7081-7082 2025-01314 Permits; Applications, Issuances, etc.: Marine Mammals; File Nos. 28286 and 22095, 7101 2025-01282 Requests for Nominations: Western and Central Pacific Fisheries Commission Permanent Advisory Committee, 7080-7081 2025-01381 Taking or Importing of Marine Mammals: Geophysical Surveys Related to Oil and Gas Activities in the Gulf of Mexico, 7102-7104 2025-01369 U.S. Coast Guard Construction in Florence, OR, 7082-7101 2025-01383 National Park National Park Service NOTICES Intent to Extend Concession Contracts at Yellowstone National Park, 7156-7157 2025-01240 Nuclear Regulatory Nuclear Regulatory Commission NOTICES Facility Operating and Combined Licenses:
Applications and Amendments Involving Proposed No Significant Hazards Considerations, etc., 7190-7197 2025-00444 Occupational Safety Health Rev Occupational Safety and Health Review Commission NOTICES Performance Review Board Members, 7197-7198 2025-01355 Pension Benefit Pension Benefit Guaranty Corporation PROPOSED RULES Miscellaneous Corrections, Clarifications, and Improvements, 6894-6902 2025-00726 NOTICES Agency Information Collection Activities; Proposals, Submissions, and Approvals, 7198 2025-01360 Personnel Personnel Management Office RULES Prevailing Rate Systems:
Change in Criteria for Defining Appropriated Fund Federal Wage System Wage Areas, 7428-7462 2025-00555 Pipeline Pipeline and Hazardous Materials Safety Administration NOTICES Buy America Waiver: Gas Service Risers, Gas Service Regulators, and Gas Meters Under the Natural Gas Distribution Infrastructure Safety and Modernization Program, 7241-7243 2025-01320 Project-Specific Waiver of the Build America, Buy America Act Requirements: City Utilities of Springfield, MO; Certain Products under the Natural Gas Distribution Infrastructure Safety and Modernization Grant Program, 7240-7241 2025-01356 Project-Specific Waiver of the Build America, Buy America Act:
Certain Products Used by Philadelphia Gas Works under the Natural Gas Distribution Infrastructure Safety and Modernization Grant Program, 7243-7244 2025-01365 Postal Regulatory Postal Regulatory Commission PROPOSED RULES Periodic Reporting, 6927-6928 2025-00153 NOTICES New Postal Products, 7198-7199 2025-01378 Securities Securities and Exchange Commission RULES Electronic Submission of Certain Materials Under the Securities Exchange Act: Amendments Regarding the Financial and Operational Combined Uniform Single Report, 7250-7426 2024-30433 NOTICES Application:
ETF Opportunities Trust and Brookmont Capital Management, LLC, 7203 2025-01363 ETF Opportunities Trust and REX Advisers, LLC, 7202 2025-01364 Meetings; Sunshine Act, 7200, 7202-7203 2025-01517 2025-01519 Self-Regulatory Organizations; Proposed Rule Changes: Cboe EDGX Exchange, Inc., 7201-7202 2025-01291 Cboe Exchange, Inc., 7200-7201 2025-01296 Investors Exchange LLC, 7205-7227 2025-01290 LCH SA, 7228 2025-01297 MIAX Sapphire, LLC, 7204 2025-01294 Nasdaq BX, Inc., 7204-7205 2025-01293 New York Stock Exchange LLC, 7203 2025-01292 NYSE Arca, Inc., 7199 2025-01289 The Nasdaq Stock Market LLC, 7200 2025-01295 Small Business Small Business Administration NOTICES Disaster Declaration:
Native Village of Kwigillingok; Public Assistance Only, 7229 2025-01345 South Carolina; Public Assistance Only, 7228-7229 2025-01343 State Department State Department NOTICES Culturally Significant Objects Imported for Exhibition: Hilma af Klint: What Stands Behind the Flowers, 7229 2025-01301 Van Gogh: The Roulin Family Portraits, 7229-7230 2025-01309 Susquehanna Susquehanna River Basin Commission NOTICES Grandfathering Registration, 7230-7231 2025-01253 Projects Approved for Consumptive Uses of Water, 7230 2025-01262 Transportation Department Transportation Department See Federal Aviation Administration See Federal Highway Administration See Federal Motor Carrier Safety Administration See Federal Transit Administration See National Highway Traffic Safety Administration See Pipeline and Hazardous Materials Safety Administration Treasury Treasury Department See Foreign Assets Control Office See Internal Revenue Service PROPOSED RULES Trade and National Security Actions and Low-Value Shipments, 6852-6873 2025-01074 NOTICES Agency Information Collection Activities;
Proposals, Submissions, and Approvals: Internal Revenue Service Information Collection Request, 7248 2025-01359 Customs U.S. Customs and Border Protection PROPOSED RULES Trade and National Security Actions and Low-Value Shipments, 6852-6873 2025-01074 Separate Parts In This Issue Part II Securities and Exchange Commission, 7250-7426 2024-30433 Part III Personnel Management Office, 7428-7462 2025-00555 Part IV Energy Department, 7464-7648 2024-31214 Reader Aids Consult the Reader Aids section at the end of this issue for phone numbers, online resources, finding aids, and notice of recently enacted public laws.
To subscribe to the Federal Register Table of Contents electronic mailing list, go to https://public.govdelivery.com/accounts/USGPOOFR/subscriber/new, enter your e-mail address, then follow the instructions to join, leave, or manage your subscription. 90 12 Tuesday, January 21, 2025 Rules and Regulations DEPARTMENT OF HOMELAND SECURITY 6 CFR Chapter I 49 CFR Chapter XII Ratification of Security Directives AGENCY: Office of Strategy, Policy, and Plans, Department of Homeland Security (DHS).
ACTION: Notification of ratification of security directives. SUMMARY: The Department of Homeland Security
(DHS)is publishing official notice that the Transportation Security Oversight Board
(TSOB)has ratified Transportation Security Administration
(TSA)Security Directive 1580-21-01B, Security Directive 1582-21-01B, Security Directive 1580/82-2022-01A, and Security Directive 1580/82-2022-01C applicable to owners and operators of critical rail entities (owners/operators). Security Directive 1580-21-01B and Security Directive 1582-21-01B extended the requirements of 1580-21-01 and 1582-21-01 series for an additional year, with minor revisions. Security Directive 1580/82-2022-01A and Security Directive 1580/82-2022-01C extend the performance-based requirements of the 1580/82-2022-01 series for an additional year and amends them to strengthen their effectiveness and address emerging cyber threats. DATES: The TSOB ratified Security Directive 1580-21-01B, Security Directive 1582-21-01B, and Security Directive 1580/82-2022-01A on November 22, 2023. The TSOB ratified Security Directive 1580/82-2022-01C on July 29, 2024. FOR FURTHER INFORMATION CONTACT: Thomas McDermott, Deputy Assistant Secretary for Cyber, Infrastructure, Risk and Resilience Policy, at 202-834-5803 or *thomas.mcdermott@hq.dhs.gov.* SUPPLEMENTARY INFORMATION: I. Background A. Cybersecurity Threat The cyber threat faced by the nation's critical rail infrastructure has only increased in the time since TSA issued its initial security directives addressing cybersecurity in rail and mass transit in December 2021. 1 Cyber threats to surface transportation systems, including railroads and transit systems, continue to proliferate, as both nation-states and criminal cyber groups target critical infrastructure in order to cause operational disruption and economic harm. 2 In recent years, cyber attackers have maliciously targeted surface transportation modes in the United States, including freight railroads, passenger railroads, and rail transit systems, with multiple cyberattack and cyber espionage campaigns. 3 Cyber incidents, particularly ransomware attacks, are likely to increase in the near- and long-term, due in part to vulnerabilities identified by threat actors in U.S. networks. 4 Especially in light of the ongoing Russia-Ukraine conflict, 5 these threats remain elevated and pose a risk to the national and economic security of the United States. 1 Transportation Security Administration, SD 1580-21-01 Enhancing Rail Cybersecurity (Dec. 31, 2021), *https://www.tsa.gov/sites/default/files/sd-1580-21-01_signed.pdf;* Transportation Security Administration, SD 1582-21-01 Enhancing public Transportation and Passenger Railroad Cybersecurity (Dec. 31, 2021), *https://www.tsa.gov/sites/default/files/sd-1582-21-01_signed.pdf.* 2 Annual Threat Assessment of the U.S. Intelligence Community, Office of the Director of National Intelligence (2024 Intelligence Community Assessment), 11, 16 (dated Feb. 5, 2024) (last accessed July 23, 2024, at *https://www.dni.gov/files/ODNI/documents/assessments/ATA-2024-Unclassified-Report.pdf* ). 3 These activities include the January 2023 breach of the Washington Metropolitan Area Transit Authority; the January 2023 breach of San Francisco's Bay Area Rapid Transit System; and the April 2021 breach of New York City's Metropolitan Transportation Authority (the nation's largest mass transit agency) by hackers linked to the government of the People's Republic of China. This threat is ongoing: on February 7, 2024, CISA published an advisory warning of the threat posed by PRC state-sponsored actors. *See* Cybersecurity Advisory (AA24-038A), *PRC State-Sponsored Actors Compromise and Maintain Persistent Access to U.S. Critical Infrastructure.* 4 Alert (AA22-040A), *2021 Trends Show Increased Globalized Threat of Ransomware,* released by CISA on February 10, 2022 (as revised). 5 Joint Cybersecurity Alert—Alert (AA22-110A), *Russian State-Sponsored and Criminal Cyber Threats to Critical Infrastructure,* released cybersecurity authorities of the United States, Australia, Canada, New Zealand, and the United Kingdom on April 20, 2022 (as revised). In its 2023 annual assessment, the Intelligence Community noted that “China almost certainly is capable of launching cyber attacks that could disrupt critical infrastructure services within the United States, including against oil and gas pipelines, and rail systems.” 6 And the 2024 annual assessment notes that, “[i]f Beijing believed that a major conflict with the United States were imminent, it would consider aggressive cyber operations against U.S. critical infrastructure and military assets. Such a strike would be designed to deter U.S. military action by impeding U.S. decision-making, inducing societal panic, and interfering with the deployment of U.S. forces.” 7 In addition, “Russia maintains its ability to target critical infrastructure . . . in the United States as well as in allied and partner countries” and “Tehran's opportunistic approach to cyber-attacks puts U.S. infrastructure at risk for being targeted.” 8 Furthermore, “malicious cyber actors have begun testing the capabilities of [artificial intelligence (AI)]-developed malware and AI-assisted software development—technologies that have the potential to enable larger scale, faster, efficient, and more evasive cyber-attacks—against targets, including pipelines, railways, and other US critical infrastructure.” 9 6 Annual Threat Assessment of the U.S. Intelligence Community, Office of the Director of National Intelligence (2023 Intelligence Community Assessment), 10 (dated February 6, 2023) (last accessed July 23 2024), *available at https://www.dni.gov/files/ODNI/documents/assessments/ATA-2023-Unclassified-Report.pdf.* 7 2024 Intelligence Community Assessment at 11. 8 2024 Intelligence Community Assessment at 16, 20. 9 DHS Intelligence and Analysis (I&A), Homeland Threat Assessment
(2024)at 18 (last accessed July 23, 2024, *available at https://www.dhs.gov/sites/default/files/2023-09/23_0913_ia_23-333-ia_u_homeland-threat-assessment-2024_508C_V6_13Sep23.pdf* ). B. Regulatory History To counter the threat to rail infrastructure, in December 2021, TSA issued two security directives to owners and operators of certain higher risk rail entities (owner/operators) requiring them to implement cybersecurity measures necessary to prevent disruption and degradation to their critical infrastructure. Security Directive 1580-21-01 (applicable to freight rail entities) and Security Directive 1582-21-01 (applicable to passenger rail and mass transit entities) required covered owner operators to:
(1)report cybersecurity incidents to the Cybersecurity and Infrastructure Security Agency (CISA);
(2)designate a cybersecurity coordinator to be available 24/7 to coordinate with TSA and CISA;
(3)conduct a vulnerability assessment of cybersecurity practices, identify any gaps, and develop a plan and timeline for remediation; and
(4)develop a Cybersecurity Incident Response Plan to reduce the risk of operational disruption in the event of a cybersecurity incident. Due to the evolving threat to freight and passenger rail, TSA issued Security Directive 1580/82-2022-01 on October 18, 2022, which built on the requirements of the initial directives and required covered owner/operators to implement additional performance-based cybersecurity measures. 10 Under the performance-based framework of Security Directive 1580/82-2022-01, TSA identified critical security outcomes that covered parties must achieve. To ensure that these outcomes are met, the directive required owner/operators to: 10 88 FR 36921 (June 6, 2023). • Establish and implement a TSA-approved Cybersecurity Implementation Plan
(CIP)that describes the specific cybersecurity measures employed and the schedule for achieving the security outcomes identified; and • Establish a Cybersecurity Assessment Program
(CAP)and submit an annual plan that describes how the owner/operator will proactively and regularly assess the effectiveness of cybersecurity measures and identify and resolve device, network, and/or system vulnerabilities. The performance-based approach enhances security by mandating that critical security outcomes are achieved while allowing owner/operators to choose the most appropriate security measures for their specific systems and operations. In response to the continuing cyber threat to rail infrastructure, the requirements of Security Directive 1580-21-01, Security Directive 1582-21-01, and Security Directive 1580/82-2022-01 have been renewed and extended beyond their original expiration dates by subsequent directives, creating three security directive series (the 1580-21-01 series, the 1582-21-01 series, and 1580/82-2022-01 series). As TSA has renewed these directives series, it has also amended their requirements to strengthen their effectiveness and address emerging cyber threats. The table below provides a list of each of the security directives within the 1580-21-01, 1582-21-01, and 1580/82-2022-01 series. All of the security directives provided in the table are available online in TSA's Surface Transportation Cybersecurity Toolkit. 11 11 TSA Surface Transportation Cybersecurity Toolkit, *available at https://www.tsa.gov/for-industry/surface-transportation-cybersecurity-toolkit.* Table 1—TSA Security Directives Applicable to Freight Rail, Passenger Rail, and Rail Transit Systems Security directive Date issued Effective date Date ratified by TSOB Set expiration date Federal Register notice of ratification 1580-21-01 Dec. 2, 2021 Dec. 31, 2021 Dec. 29, 2021 Dec. 31, 2022 87 FR 31093. 1580-21-01A Oct. 18, 2022 Oct. 24, 2022 Nov. 16, 2022 Oct. 24, 2023 88 FR 36921. 1580-21-01B Oct. 23, 2023 Oct. 24, 2023 Nov. 22, 2023 Oct. 24, 2024 * Current. 1582-21-01 Dec. 2, 2021 Dec. 31, 2021 Dec. 29, 2021 Dec. 31, 2022 87 FR 31093. 1582-21-01A Oct. 18, 2022 Oct. 24, 2022 Nov. 16, 2022 Oct. 24, 2023 88 FR 36921. 1582-21-01B Oct. 23, 2023 Oct. 24, 2023 Nov. 22, 2023 Oct. 24, 2024 * Current. 1580/82-2022-01 Oct. 18, 2022 Oct. 24, 2022 Nov. 16, 2022 Oct. 24, 2023 88 FR 36921. 1580/82-2022-01A Oct. 23, 2023 Oct. 24, 2023 Nov. 22, 2023 Oct. 24, 2024 * Current. 1580/82-2022-01C Jul. 1, 2024 Jul. 1, 2024 July 29, 2024 May 2, 2025 * Current. C. Security Directive 1580-21-01B and Security Directive 1582-21-01B In light of the continuing threat, TSA determined that the cybersecurity measures required by the 1580-21-01 and 1582-21-01 security directive series remain necessary to protect the nation's critical rail infrastructure beyond the October 24, 2023, expiration date of Security Directive 1580-21-01A and Security Directive 1582-21-01A. On October 23, 2023, TSA issued Security Directive 1580-21-01B and Security Directive 1582-21-01B, extending the requirements of the 1580-21-01 (applicable to freight rail) and 1582-21-01 (applicable to passenger rail and rail transit systems) security directive series for an additional year. Security Directive 1580-21-01B and Security Directive 1582-21-01B contained minor revisions to provide further clarity regarding the applicability of the directives and their compliance deadlines. Additionally, the directives included revisions to improve the effectiveness of the required Cyber Incident Response Plans (CIRPs) by specifying certain requirements for testing exercises. The directives became effective on October 24, 2023, and expired on October 24, 2024. 12 12 On October 23, 2024, TSA issued Security Directive 1580-21-01C and Security Directive 1582-21-01C. These Security Directives superseded the respective -01B directives. Security Directive 1580-21-01C and Security Directive 1582-21-01C each went into effect on October 24, 2024. D. Security Directive 1580/82-2022-01A Considering the continuing threat, TSA also determined that the measures required by the 1580/82-2022-01 series remained necessary to protect the Nation's critical rail infrastructure beyond Security Directive 1580/82-2022-01's expiration date of October 24, 2023. On October 23, 2023, TSA issued Security Directive 1580/82-2022-01A, extending the requirements of the 1580/82-2022-01 series for an additional year. The directive became effective on October 24, 2023, and was set to expire on October 24, 2024. In addition to extending the performance-based requirements of the initial directive in this series, Security Directive 1580/82-2022-01A included revisions to strengthen the effectiveness of these requirements and allow greater ability to respond to changing threats. Specifically, the revisions improved the effectiveness of the requirements related to Cybersecurity Assessment Plans (referred to as Cybersecurity Assessment Programs in prior versions); ensured the provisions related to defining Critical Cyber Systems allow flexibility to respond to emerging and evolving threats; and provided greater clarity regarding the role of “Managed Security Service Providers” and “Authorized Representatives.” E. Security Directive 1580/82-2022-01C To address ongoing cyber threats to rail transportation infrastructure, TSA determined that further amendments to the 1580/82-2022-01 series were necessary prior to the expiration of Security Directive 1580/82-2022-01A. On July 1, 2024, TSA issued Security Directive 1580/82-2022-01C, revising and extending the requirements of Security Directive 1580/82-2022-01A. 13 The directive became effective on July 1, 2024, 2024, and is set to expire on May 2, 2025. 13 TSA first issued these revisions as Security Directive 1580/82-2022-01B on May 1, 2024. Due to two oversights in the original directive that may have created confusion, TSA issued a corrected version of the amended directive (Security Directive 1580/82-2022-01C) on July 1, 2024. TSA sought TSOB review and ratification of the reissued directive, currently in effect. Security Directive 1580/82-2022-01C specifically requires Positive Train Control
(PTC)systems be included in owner/operators' list of Critical Cyber Systems, subjecting them to the applicable performance-based cybersecurity measures. The designation of PTC systems as a Critical Cyber System ensures that PTC systems are protected by the performance-based cybersecurity measures of the Security Directive 1580/82-2022-01 series. II. TSOB Ratification TSA issued Security Directive 1580-21-01B, Security Directive 1582-21-01B, Security Directive 1580/82-2022-01A, and Security Directive 1580/82-2022-01C under 49 U.S.C. 114( *l* )(2)(A), which authorizes TSA to issue emergency regulations or security directives without providing notice or the opportunity for public comment when “the Administrator determines that a regulation or security directive must be issued immediately in order to protect transportation security . . . .” Security directives issued pursuant to the procedures in 49 U.S.C. 114( *l* )(2) “shall remain effective for a period not to exceed 90 days unless ratified or disapproved by the [Transportation Security Oversight Board] or rescinded by the Administrator.” 14 14 49 U.S.C. 114( *l* )(2)(B). The Transportation Security Oversight Board
(TSOB)is a body consisting of the Secretary of Homeland Security, the Secretary of Transportation, the Attorney General, the Secretary of Defense, the Secretary of the Treasury, the Director of National Intelligence, or their designees, and a representative of the National Security Council. 15 Among its statutory duties, the TSOB must “review and ratify or disapprove” security directives issued under 49 U.S.C. 114( *l* )(2) within 30 days of the action's issuance. 16 15 49 U.S.C. 115(a), (b). 16 49 U.S.C. 115(c)(1); 49 U.S.C. 114( *l* )(2)(B). Following the issuance of Security Directive 1580-21-01B, Security Directive 1582-21-01B, Security Directive 1580/82-2022-01A, and Security Directive 1580/82-2022-01C, the chair of the TSOB convened the board to review the directives. 17 In reviewing each directive, the TSOB reviewed the required measures extended and amended by the directives and the continuing need for TSA to maintain these requirements pursuant to its emergency authority under 49 U.S.C. 114( *1* )(2) to prevent the disruption and degradation of the country's critical transportation infrastructure. The TSOB also considered whether to authorize TSA to extend each security directive beyond their expiration dates subject to certain conditions, should the TSA Administrator believe such an extension is necessary to address the evolving threat that may continue beyond the original expiration date. 17 The Secretary of Homeland Security serves as the TSOB Chairperson, 49 U.S.C. 115(b)(2), and has further delegated that responsibility to the Deputy Secretary of Homeland Secretary. DHS Delegation No. 7071.1. Following its review, the TSOB ratified Security Directive 1580-21-01B, Security Directive 1582-21-01B, and Security Directive 1580/82-2022-01A on November 22, 2023; and ratified Security Directive 1580/82-2022-01C on July 29, 2024. The TSOB also authorized TSA to extend each of the security directives beyond their current expiration dates, should the TSA Administrator determine such an extension is necessary to address the evolving threat that may continue beyond the original expiration date. Such an extension is subject to the following conditions:
(1)there are no changes to the security directive other than an extended expiration date;
(2)the TSA Administrator makes an affirmative determination that conditions warrant the extension of the directive's requirements; and
(3)the TSA Administrator documents such a determination and notifies the TSOB. Kristie Canegallo, Senior Official Performing the Duties of the Deputy Secretary of Homeland Security & Chairman of the Transportation Security Oversight Board. [FR Doc. 2025-01422 Filed 1-16-25; 4:15 pm]
Connectionstraces to 2
Traces to 2 documents
Citation graph
cites case law
Cites 2Cited by 0 across 0 sources