“Perpetual Emergencies” and Agency Power: Grand Trunk Corp. v. TSA and the Recognition of Continuous Cyber-Threats as Statutory Emergencies

Introduction

Grand Trunk Corporation and its subsidiary, Illinois Central Railroad Company (collectively “CN”), petitioned the United States Court of Appeals for the Seventh Circuit to set aside three TSA rail-cybersecurity directives issued in 2024 and 2025. The directives, grounded in updated intelligence on Russian and Chinese state-sponsored cyber operations, imposed costly and detailed obligations on “higher-risk” and STRACNET freight railroads. The petitioners argued that the Transportation Security Administration (i) unlawfully bypassed notice-and-comment procedures, (ii) failed to perform required cost–benefit analysis, (iii) lacked statutory authority to regulate rail cybersecurity altogether, and (iv) acted arbitrarily and capriciously.

The Seventh Circuit (Judges Scudder, Kirsch, and Lee, opinion by Judge Kirsch) rejected all four contentions and denied the petitions. In the process, it laid down a new and highly significant precedent: an ongoing, continuous cybersecurity threat can qualify as an “emergency” under 49 U.S.C. §114(l)(2), thereby permitting the TSA to promulgate security directives without prior notice or public comment.

Summary of the Judgment

  • No Notice-and-Comment Required: The court held that the “emergency procedures” provision in §114(l)(2) grants TSA broad discretion to decide when “immediate” action is necessary to protect transportation security; ongoing foreign cyber threats meet that threshold.
  • No Cost–Benefit Duty for Directives: §114(l)(3) speaks only to “regulations,” not to “security directives,” so TSA had no statutory obligation to quantify costs.
  • Statutory Authority Confirmed: Numerous subsections of §114 confer substantive authority on TSA to regulate security “in all modes of transportation,” including rail.
  • Decision Not Arbitrary or Capricious: TSA tailored its directives to intelligence and obtained Transportation Security Oversight Board ratification; reasoned explanation was adequate.

Analysis

1. Precedents Cited and Their Influence

  • Home Building & Loan Ass’n v. Blaisdell (1934): Petitioners used Blaisdell’s “fire, flood, or earthquake” dictum to argue that emergencies must be sudden and short-lived. The court distinguished that context and emphasized the statutory text over “layman’s conception.”
  • National-Security Deference Cases
    • Haig v. Agee (1981); Dep’t of Navy v. Egan (1988); Trump v. Hawaii (2018): Cited to reinforce judicial reluctance to second-guess executive national-security determinations absent explicit congressional command.
    • United States v. Curtiss-Wright (1936): historical anchor for executive competence in foreign-affairs intelligence matters.
  • Cautionary-Limits Cases
    • Ziglar v. Abbasi (2017); Holder v. Humanitarian Law Project (2010): Acknowledged to show courts must avoid blind deference, yet the panel found no basis for skepticism here.
  • Administrative-Law Benchmarks
    • Bonacci v. TSA (D.C. Cir. 2018); Olivares v. TSA (D.C. Cir. 2016): Support the proposition that courts give “substantial deference” to TSA’s security assessments.
    • FCC v. Prometheus Radio Project (2021): framework for arbitrary-and-capricious review.

2. The Court’s Legal Reasoning

  1. Statutory Construction of §114(l)(2)
    • The phrase “shall issue … immediately” confers broad discretion.
    • Long-standing practice of multi-year national emergencies under the National Emergencies Act and IEEPA demonstrates that emergencies may be “ongoing” rather than momentary.
    • TSA’s reliance on “recent and evolving intelligence” keeps the determination fresh.
    • Oversight Board ratification every 90 days to 1 year provides an internal executive check.
  2. Separation of Powers and Deference
    The judiciary traditionally defers to executive fact-finding in national security. Congress itself delegated that discretion; hence, the court saw no constitutionally problematic abdication.
  3. Cost–Benefit Clause in §114(l)(3)
    Expressio unius: Congress included “regulation” but omitted “security directive.” The panel treated that as deliberate, absolving TSA of formal cost-benefit obligations for emergency directives.
  4. Substantive Authority to Regulate Rail Security
    The panel wove together §§114(d), (f), (l), and (m): “responsible for security in all modes,” “oversee implementation,” and “issue regulations or security directives” as necessary. Rail falls squarely within DOT’s transportation modes and hence within TSA’s purview.
  5. Arbitrary-and-Capricious Review
    Given the documented intelligence and limited scope (high-risk and STRACNET railroads only), the directives were reasonable. The absence of notice-and-comment or quantified costs was lawful, so TSA had no further duty to explain.

3. Impact on Future Litigation and Regulatory Practice

  • Expansion of “Emergency” Doctrine. Agencies with emergency-rule clauses may rely on continuous foreign or cyber threats to skip notice-and-comment, so long as (a) intelligence is refreshed and (b) periodic oversight exists.
  • Heightened Deference in Cybersecurity Context. Courts may extend traditional national-security deference to the cyber domain, even when regulated entities face significant economic burdens.
  • Strategic Use of Dual-Track Regulation. The decision implicitly blesses TSA’s practice of simultaneous emergency directives and slower notice-and-comment rulemaking, a model other agencies might emulate (e.g., EPA for critical-infrastructure water systems, FERC for energy grids).
  • Limited Role for Cost Challenges. Because the decision carves security directives out of §114(l)(3), regulated parties may find cost-based attacks foreclosed unless they rise to constitutional dimensions (e.g., taking, due process).
  • Interbranch Dynamics. Oversight Board ratification became an important factual anchor for judicial confidence; agencies may lean on such inter-agency endorsements to bolster future emergency actions.

Complex Concepts Simplified

  • Security Directive vs. Regulation – A security directive is an immediate, often confidential, order applicable to a defined set of industry actors; a regulation is a formal rule of general applicability promulgated through notice-and-comment procedures.
  • STRACNET – The Strategic Rail Corridor Network: critical rail lines designated by the Department of Defense for rapid movement of military assets.
  • Notice-and-Comment Rulemaking – The process in the Administrative Procedure Act (APA) requiring agencies to publish proposed rules, solicit public input, and respond to comments before adopting a final rule.
  • Arbitrary and Capricious Standard – A court asks whether the agency reasonably considered relevant factors and provided an adequate explanation.
  • Expressio Unius Est Exclusio Alterius – Canon of statutory interpretation: inclusion of one term (here, “regulation”) implies the exclusion of another (here, “security directive”).
  • National-Security Deference – Judicial practice of giving substantial weight to executive determinations about threats, partly because the executive controls classified intelligence and must act swiftly.

Conclusion

Grand Trunk Corp. v. TSA marks a pivotal evolution in emergency administrative law. By declaring that constant, non-episodic cyber threats satisfy the statutory “emergency” trigger, the Seventh Circuit effectively enlarges executive power to impose rapid, cost-intensive security measures without prior public input, at least when transportation infrastructure and national defense intertwine. While the court reaffirmed deference to agency expertise, it also grounded its analysis in textual interpretation and statutory design, suggesting a principled, not open-ended, approach. Future litigants challenging emergency cybersecurity directives must now reckon with this precedent, which gives agencies a sturdy shield so long as they (1) anchor actions in current intelligence, (2) observe periodic internal oversight, and (3) reserve formal rulemaking for permanent measures. The decision thus stands at the intersection of administrative law, national security, and the digital age, underscoring that in 21st-century America, an “emergency” may indeed be perpetual.

Case Details

Year: 2025
Court: Court of Appeals for the Seventh Circuit

Judge(s)

Kirsch