American Gas Association Commends TSA for Publication of Rule to Enhance Cyber Risk Management 

Washington – The American Gas Association (AGA) commends the Transportation Security Administration (TSA) for the publication of the new Enhancing Surface Cyber Risk Management Notice of proposed rulemaking (NPRM), which proposes enhanced cyber risk management (CRM) requirements on certain pipeline and rail owner/operators.

“Our industry has spent more than two decades collaborating closely with TSA on efforts to advance the security of natural gas utilities,” said AGA VP, Security and Operations Kimberly Denbow. “We take all potential threats to the safe and reliable delivery of natural gas seriously and have made mitigating cyber risks a high priority for our industry.” 

AGA member natural gas utilities utilize a portfolio of leading cyber practices, industry standards, and governmental regulation to manage cybersecurity risks. Operators face varying local, state, and federal security expectations, with each operator executing a mix of voluntary and required efforts to reduce risk. 

“Cybersecurity is an evolving threat our member companies address as part of their broader risk management efforts,” continued Denbow. “The ability to be agile and pivot cannot be overstated, and this can best be achieved through a risk-based, outcome-focused approach.” 

While AGA is still evaluating the details of the proposed rule, the industry has long held that functional cybersecurity regulations should define and direct regulators’ desired outcomes, while empowering operators to ascertain the most attainable and sustainable methods of achieving them. Maximally effective regulations should support an auditable process that verifies the outcomes are being achieved and holds the operator accountable, while also benefiting both the regulating authority and the operator. AGA looks forward to continuing to work with TSA on the development and refinement of reasonable cybersecurity regulations.