TSA chief behind cyber directives for aviation, pipelines and rail ousted by Trump team

The head of the Transportation Security Administration (TSA) was pushed out of his position by the Trump administration on Monday.

TSA administrator David Pekoske, who was appointed during President Donald Trump’s first term and led the way in issuing cybersecurity directives governing  the airline, pipeline and rail industries, sent a farewell memo to the agency’s staff saying he was “advised” by Trump’s transition team that his time in charge would end at noon on Monday. 

“People place their trust in you no matter what your job is in TSA, so they can travel and the goods they rely on can reach them via our transportation systems,” he said. “It’s an incredible responsibility that each of you has been entrusted with, and you carry it out in a manner that is an example of the best of America.”

The Department of Homeland Security confirmed Pekoske’s departure on Tuesday but declined to say who his replacement would be, directing Recorded Future News to the White House — which did not respond to requests for comment. Pekoske’s memo does not say why he was forced out.

Pekoske was appointed by Trump in 2017 and had his 5-year tenure renewed in 2022 by former President Joe Biden. He became a critical part of the Biden administration’s efforts to address cybersecurity failures following the ransomware attack on Colonial Pipeline in 2021. 

Most of the cybersecurity rules Pekoske helped usher in focused on mandating basic tasks like reporting cyber incidents, having cybersecurity coordinators and creating incident response plans and following minimum cybersecurity standards.

Biden officials heralded the directives as some of the most effective cybersecurity measures they took. As of October 2024, 100% of critical pipelines — about 90 in the United States — now meet minimum cybersecurity requirements and 68% of railways now meet minimum cyber requirements. The aviation industry went from 0% of organizations meeting minimum cyber standards to 57% by the end of Biden’s term.

Pekoske embraced TSA’s burgeoning involvement in cybersecurity, attending several large cybersecurity conferences in an effort to recruit new talent and glean advice on how to refine the cyber directives issued by the agency. 

At the DEF CON security conference in 2023, Pekoske said TSA was moving quickly to coordinate with other agencies and issue emergency directives because of the intelligence they are getting from security officials about cyber threats from China, Russia and other adversarial nations.

“You don’t issue emergency amendments to a security plan unless you feel like you are in an emergency situation,” he said at the time. “The intelligence we’re getting is consistent. It’s getting consistently more concerning over time.”

Trump’s first day in office featured several other minor cybersecurity-related moves. He rescinded an executive order issued by the Biden administration clarifying the line of succession for the Office of the National Cyber Director and removed another Biden order on artificial intelligence that said AI companies have to report on how they plan to protect their systems from foreign cyberattacks. 

The White House has not responded to requests for comment about a recent Biden executive order on cybersecurity that was removed from the U.S. government website on Tuesday but not officially rescinded.