The proposed rules codify existing temporary directives requiring pipeline and railroad operators to report cyber incidents and create cyber-risk management plans.
Source: htdarkreading.com