The Transportation Security Administration proposed new rules this week that would codify existing temporary directives requiring pipeline and railroad operators to report cyber incidents and create cyber risk management (CRM) plans. The rule would formalize several security directives issued by TSA since the ransomware attack on Colonial Pipeline in 2021.