Of course, I would be more comfortable if they would explicitly state that TSA, a part of DHS, was precluded from having any (cyber) authorities.
Start with ICS-CERT (Industrial Control Systems - Cyber Emergency Response Team). Note: While they use the "us-cert.gov" domain, they are NOT a part of US-CERT.
Specifically, take a look at their "Recommended Practices: section: http://www.us-cert.gov/control_systems/practices/Recommended_Practices.html
No amount of careful planning will ever replace dumb luck.