On December 7, 2021, the U.S House of Representatives passed S. 1605, the National Defense Authorization Act for Fiscal Year 2022, by a vote of 363 to 70. The NDAA includes several important public transit provisions, including provisions dealing with cybersecurity, transit security grants, and disposition of transit property for affordable housing. The Senate is expected to consider and pass the legislation in the next few days. APTA staff expect the bill to become law this year.

Please click here to view the text of the bill and the accompanying explanatory statement.

National Defense Authorization Act (NDAA)

Cybersecurity and Transit Security Grant Provisions

Section 1548 of the NDAA requires the Director of the Cybersecurity and Infrastructure Security Agency (CISA) to establish a program, to be known as “CyberSentry”, to provide continuous monitoring and detection of cybersecurity risks to critical infrastructure entities that own or operate industrial control systems (ICS) that support national critical functions, upon request and subject to the consent of the owner or operator. Under a CyberSentry partnership agreement, CyberSentry will provide technical assistance, such as continuous monitoring of ICS and the information systems that support such systems, detection of cybersecurity risk to such ICS, and other cybersecurity services as agreed upon.

Section 6418 of the NDAA requires the Secretary of Homeland Security to prioritize the assignment of Transportation Security Administration (TSA) and Department of Homeland Security (DHS) officers and intelligence analysts to locations with participating state, local, and regional fusion centers in jurisdictions with high-risk surface transportation assets to enhance the security of such assets, including by providing timely information sharing regarding threats of terrorism, targeted violence, and other threats. Under the provision, the DHS Secretary is required to make security clearances available to appropriate owners and operators of surface transportation assets to foster greater sharing of classified information relating to threats of terrorism, and other threats to surface transportation assets. (APTA recommends that an agency’s Cybersecurity Coordinator as required by TSA Security Directive 1582-21-01 (discussed below) consider applying for a security clearance from DHS.)

Sections 6420 expands the operating use of funds for the public transportation security assistance grant program to include “associated backfill” (e.g., backfilling personnel attending an approved training course or program). In addition, section 6421 of the bill requires that grants made under the program are available for use by grant recipients for no fewer than 36 months. In addition, grants made for security improvements to public transportation systems, stations, and other public transportation infrastructure are available for no fewer than 48 months. Finally, section 6422 requires the Government Accountability Office to conduct a review of the public transportation security assistance program and report to Congress no later than one year after the date of enactment of this Act, and again no later than five years after enactment.

Public Transit Property Disposition for Affordable Housing

Section 6609 of the NDAA bill enhances the ability of public transit agencies to dispose of property for transit-oriented development/affordable housing purposes. Specifically, the bill amends 49 U.S.C. § 5334(h)(1) to allow a recipient of assistance to dispose of property by transferring the asset to a local government authority to be used for a public purpose (as in current law), or a local governmental authority, non-profit organization, or other third-party entity to be used for transit-oriented development with no further obligation to the federal government if:

  • the asset is a necessary component of a proposed transit-oriented development project;
  • the transit-oriented development project will increase transit ridership;
  • at least 40 percent of the housing units offered in the transit-oriented development, including housing units owned by nongovernmental entities, are legally binding affordability restricted to tenants with incomes at or below 60 percent of the area median income and owners with incomes at or below 60 percent the area median income, which shall include at least 20 percent of such housing units offered restricted to tenants with incomes at or below 30 percent of the area median income and owners with incomes at or below 30 percent the area median income;
  • the asset will remain in use for at least 30 years after the date the asset is transferred; and
  • with respect to a transfer to a third-party entity—
    • a local government authority or nonprofit organization is unable to receive the property;
    • the overall benefit of allowing the transfer is greater than the interest of the Government in liquidation and return of the financial interest of the Government in the asset, after considering fair market value and other factors; and
    • the third party has demonstrated a satisfactory history of construction or operating an affordable housing development.

TSA Cybersecurity Security Directive and Information Circular

On December 2, 2021, TSA issued Security Directive 1582-21-01: “Enhancing Public Transportation and Passenger Railroad Cybersecurity”, for each owner/operator of a passenger railroad carrier or rail transit system identified in 49 CFR 1582.101. The directive goes into effect December 31, 2021. APTA believes that the Security Directive applies to 23 rail transit systems and passenger railroads.

The Security Directive requires the owner/operator of an applicable passenger railroad carrier or rail transit system, to:

  • Designate a Cybersecurity Coordinator who is required to be available to TSA and CISA 24/7 to coordinate cyber practices and address any incidents;
  • Report cybersecurity incidents to CISA no later than 24 hours after a cybersecurity incident is identified;
  • Develop and adopt a Cybersecurity Incident Response Plan; and
  • Conduct a cybersecurity vulnerability assessment using a form provided by TSA.

An owner/operator must immediately notify TSA at TSA-Surface_Cyber@tsa.dhs.gov  if it is unable to implement any of the measures in the Security Directive and may provide a proposed alternative measure for TSA approval.

In addition, on December 2, TSA issued Information Circular Surface Transportation IC-2021-01 strongly recommending that all other public transit agencies adopt these same measures.

Coalition Letter on Infrastructure Flexibility Act

On December 6, 2021, APTA, together with Coalition partners, sent a letter to Speaker of the House Nancy Pelosi (D-CA) and Minority Leader Kevin McCarthy (R-CA) urging the House of Representatives to consider S. 3011/H.R. 5735, the State, Local, Tribal, and Territorial Fiscal Recovery, Infrastructure, and Disaster Relief Flexibility Act. This legislation would enable states and local governments to use up to $123 billion of their American Rescue Plan funds for public transportation and other infrastructure.

Please click here to view the letter.

Please click here to view APTA’s Fact Sheet on S. 3011.

Print Friendly, PDF & Email