[Federal Register Volume 89, Number 44 (Tuesday, March 5, 2024)]
[Notices]
[Pages 15923-15924]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2024-04616]
-----------------------------------------------------------------------
DEPARTMENT OF TRANSPORTATION
Federal Highway Administration
[FHWA Docket No. FHWA-2024-0005]
FHWA Adoption of Cyber Security Evaluation Tool
AGENCY: Federal Highway Administration (FHWA), U.S. Department of
Transportation (DOT).
ACTION: Notice; request for comments.
-----------------------------------------------------------------------
SUMMARY: Following coordination with the U.S. Department of Homeland
Security, FHWA announces its proposal to adopt the Cyber Security
Evaluation Tool (CSET) as a voluntary tool transportation authorities
can use to assist in identifying, detecting, protecting against,
responding to, and recovering from cyber incidents. The FHWA requests
comments on its proposal.
DATES: Comments must be received on or before April 19, 2024. Late
comments will be considered to the extent practicable.
ADDRESSES: All comments should include the docket number that appears
in the heading of this document and may be submitted in any of the
following ways:
Electronically through the Federal eRulemaking Portal:
www.regulations.gov. This website allows the public to enter comments
on any Federal Register notice issued by any agency. Follow the online
instructions for submitting comments.
Mail: U.S. Department of Transportation, Docket
Operations, M-30, West Building Ground Floor, Room W12-140, 1200 New
Jersey Avenue SE, Washington, DC 20590.
Hand Delivery: U.S. Department of Transportation, Docket
Operations, West Building Ground Floor, Room W12-140, 1200 New Jersey
Avenue SE, Washington, DC 20590, between 9 a.m. and 5 p.m., ET, Monday
through Friday, except Federal holidays.
Instructions: You should identify the docket number at the
beginning of your comments. Note that all comments received will be
posted without change to www.regulations.gov, including any personal
information provided. For more information, you may review the U.S.
Department of Transportation's
[[Page 15924]]
complete Privacy Act Statement published in the Federal Register on
April 11, 2000 (65 FR 19477).
FOR FURTHER INFORMATION CONTACT: For questions about this notice,
please contact Mr. Jason Carnes, FHWA Transportation Security
Coordinator (202) 366-5280, or via email at [email protected],
Federal Highway Administration, 1200 New Jersey Avenue SE, Washington,
DC 20590. Office hours are from 8 a.m. to 4:30 p.m., ET, Monday through
Friday, except Federal holidays.
SUPPLEMENTARY INFORMATION:
Electronic Access
This document may be viewed online under the docket number noted
above through the Federal eRulemaking portal at: www.regulations.gov.
Electronic submission and retrieval help and guidelines are available
on the website. Please follow the online instructions.
An electronic copy of this document may also be downloaded from the
Office of the Federal Register's website at: www.FederalRegister.gov
and the U.S. Government Publishing Office's website at:
www.GovInfo.gov.
All comments received before the close of business on the comment
closing date indicated above will be considered and will be available
for examination in the docket at the above address. Comments received
after the comment closing date will be filed in the docket and will be
considered to the extent practicable. In addition to late comments,
FHWA will also continue to file relevant information in the docket as
it becomes available after the comment period closing date and
interested persons should continue to examine the docket for new
material.
Background
Pursuant to section 11510(b) of the Bipartisan Infrastructure Law
(BIL), enacted as the Infrastructure Investment and Jobs Act (Pub. L.
117-58), FHWA is required to develop a tool to assist transportation
authorities in identifying, detecting, protecting against, responding
to, and recovering from cyber incidents. Safety is the top priority of
DOT and FHWA. The FHWA routinely works closely and collaboratively with
Federal and State agencies whose primary missions revolve around
securing critical transportation infrastructure. The FHWA provides
subject matter expertise to those agencies in identifying potential
physical and cybersecurity threats and appropriate mitigation efforts.
When presented with physical or cybersecurity questions, concerns or
incidents from State, local, Tribal, and Territorial transportation
authorities, or other stakeholders, FHWA routinely assists in
connecting these entities to security-focused government agencies,
including the Transportation Security Administration (TSA),
Cybersecurity and Infrastructure Security Agency (CISA), and Federal
Bureau of Investigation (FBI).
In accordance with BIL, section 11510(b), FHWA is proposing to
adopt CISA's CSET as a voluntary tool that transportation authorities
can use to assist in identifying, detecting, protecting against,
responding to, and recovering from cyber incidents. The CISA's
cybersecurity mission is to defend and secure cyberspace by leading
national efforts to drive national cyber defense, resilience of
national critical functions, and a robust technology ecosystem. The
FHWA therefore thinks it is appropriate to leverage CISA's expertise
instead of attempting to create a separate and potentially duplicative
tool. The CSET, developed by CISA, is a comprehensive software tool
designed to assist organizations in assessing their cybersecurity
posture and developing structured improvement programs. The CSET helps
organizations evaluate their cybersecurity practices, identify
vulnerabilities, and prioritize mitigation efforts by providing a
systematic approach to assess cybersecurity controls and processes. It
offers a range of modules and questionnaires tailored to different
critical infrastructure sectors, making it a valuable resource for
organizations seeking to enhance their cybersecurity resilience through
a well-structured assessment and development program. The CSET is
available to the public for download at https://www.cisa.gov/downloading-and-installing-cset.
In proposing to adopt this voluntary tool to assist transportation
authorities regarding cyber incidents, FHWA has coordinated with CISA
and TSA, and consulted with appropriate stakeholders on the viability
and usefulness of the tool. The feedback received confirmed that State
agencies currently depend on a diverse array of cybersecurity tools
sourced from multiple stakeholders, encompassing both public and
private entities. Among these tools, several States choose to employ
the CSET, while others customize alternative cybersecurity solutions to
align with their distinct mission requirements. In addition, many State
departments of transportation employ a variety of tools encompassing
intrusion detection systems, vulnerability scanners, and encryption
technologies to fortify their cyber defense postures, reflecting the
complexity and diversity of their security strategies. The FHWA will
continue to partner with other Federal Agencies that have the primary
statutory mission to develop security-related cybersecurity tools to
ensure highway-related equities are considered and incorporated
appropriately.
Request for Comments
The FHWA requests comments regarding the Agency's proposal to adopt
CISA's CSET as a voluntary tool transportation authorities can use to
provide assistance regarding cyber incidents.
Further Proceedings
After considering public comments in response to this notice, FHWA
will publish a notice in the Federal Register adopting a final
cybersecurity tool.
Authority: Sec. 11510, Pub. L. 117-58, 135 Stat. 592.
Shailen P. Bhatt,
Administrator, Federal Highway Administration.
[FR Doc. 2024-04616 Filed 3-4-24; 8:45 am]
BILLING CODE 4910-22-P