Independent Director Since: 2010

Age: 74

Committees:

• Finance and Risk Management
• Human Capital Management and Compensation

Career Highlights
Mr. Bell is the Chairman of Mesa Capital Partners, LLC, a real estate investment company. Mr. Bell previously served as Chairman and CEO of Cousins Properties, a publicly traded real estate investment trust that invests in office buildings throughout the Sun Belt, from 2002 to 2009. He is also a director of Southern Company Gas and was previously a director of Regal Entertainment Group, Inc. and Young & Rubicam Inc., among numerous other companies.

Key Skills and Expertise
Governmental and Stakeholder Relations, Strategic Planning, Risk Management, Safety, Environmental and Sustainability, Human Resources and Compensation, Marketing, Executive Leadership, Governance/Board, and Operational Oversight

Rationale for Service
Mr. Bell’s experience as a senior executive and director of multiple large real estate, energy, and retail companies positions him well to advise the Corporation on risk management, compensation, finance, and environmental and safety matters.

Independent Director Since: 2016

Age: 75

Committees:

• Governance and Nominating
• Human Capital Management and Compensation

Career Highlights
Mr. Daniels served as the President of Purdue University from 2013 to 2023 and served as Governor of Indiana from 2005 to 2013. From 1990 to 2000, Mr. Daniels worked for Eli Lilly and Company, holding the executive positions of President of North American Pharmaceutical Operations and Senior Vice President of Corporate Strategy and Policy. Mr. Daniels is also a director of Cerner Corporation.

Key Skills and Expertise
Executive Leadership, Finance and Accounting, Governance/Board, Governmental and Stakeholder Relations, and Strategic Planning

Rationale for Service
The extensive leadership and executive experience Mr. Daniels obtained as a result of his tenure as the former Governor of Indiana, former President of Perdue University, and director and executive for two large pharmaceuticals and health information technology companies enables Mr. Daniels to advise the Corporation on governance, governmental relations, and strategic planning matters, among others.

Independent Director Since: 2023

Age: 64

Committees:

• Finance and Risk Management
• Safety

Career Highlights
Adm. Philip Davidson retired from the U.S. Navy in 2021, following a distinguished military career that spanned nearly 39 years of service and culminated in his appointment in 2018 as a four-star Admiral

and 25th Commander of the United States Indo-Pacific Command (INDOPACOM). INDOPACOM is the United States’ oldest and largest military combatant command, encompassing more than 100 million square miles or about 52 percent of the Earth’s surface. Prior to his tenure as Commander of INDOPACOM, he led a comprehensive review of the Surface Navy’s safety protocols that resulted in the implementation of measures to enhance safety, including new training and assessment processes. He founded Davidson Strategies, LLC, a management, technical, and strategic advisory firm. He also currently serves on the boards of Par Pacific Holdings, Inc. and AeroVironment, Inc.

Key Skills and Expertise
Safety, Operational Oversight, Governmental and Stakeholder Relations, Strategic Planning, Risk Management, Executive Leadership, Governance/Board, and Information Technology

Rationale for Service
Adm. Davidson’s significant military experience, including as a four-star Admiral and 25th Commander of the United States Indo-Pacific Command, the nation’s oldest and largest military combatant command, positions him to provide valuable insight into our strategic planning, operations, risk management, and safety matters, which are critical areas for us as we focus on operational excellence.

Independent Director Since: 2023

Age: 58

Committees:

• Audit
• Governance and Nominating

Career Highlights
Francesca DeBiase is a seasoned supply chain, sustainability, and finance executive, with more than 30 years of global supply chain expertise across restaurant, food, toys, packaging, logistics, construction, real estate, and marketing services. From 2020 to 2022, Ms. DeBiase served as Executive Vice President and Global Chief Supply Chain Officer of McDonald’s Corporation. From 2018 to 2020, she served as Chief Sustainability Officer, where she was a champion for sustainability across the McDonald’s system, working with leaders to embed social and environmental goals into long-term plans to drive meaningful, industry-wide change. Francesca led the revitalization of McDonald’s sustainability vision under the platform of Scale for Good. Prior to that role, she held various accounting, finance, and supply chain positions at McDonald’s. She began her career at Ernst & Young as an auditor in the retail and consumer products practice.

Key Skills and Expertise
Operational Oversight, Executive Leadership, Marketing, Transportation and Logistics, Environmental and Sustainability, Strategic Planning, Finance and Accounting, Governance/Board, and Risk Management

Rationale for Service
Ms. DeBiase’s significant experience managing global supply chain, sustainability, and finance matters enables her to advise us on our strategic planning, sustainability, operations, and logistics matters, and her extensive customer-facing business experience further enables her to play a key role in overseeing our efforts to enhance the overall satisfaction of our customers.

Audit (Chair), Executive, Finance and Risk Management

Director Since: 2016 | Independent | Age 59

Career Highlights
Ms. Donadio, a certified public accountant with over 38 years of audit and public accounting experience, is a retired partner of Ernst & Young LLP, a multinational professional services firm. From 2007 until her retirement in 2014, Ms. Donadio was Americas Oil & Gas Sector Leader, with responsibility for one of Ernst & Young’s significant industry groups helping set firm strategy for oil and gas industry clients in the United States and throughout the Americas. Ms. Donadio serves as Lead Independent Director of Marathon Oil Corporation, and as director of NOV Inc. and Freeport-McMoRan, Inc.

Areas of Expertise
CEO/Senior Officer; Finance and Accounting; Governance/Board; Human Resources and Compensation; Risk Management; Strategic Planning

Rationale for Service
Ms. Donadio’s extensive accounting and director experience, including serving as the Lead Independent Director of a S&P 500 company, enables her to provide valuable insight into, and oversight of, the Corporation’s accounting, finance, governance, and compensation matters.

Rationale for Service
Ms. Donadio, a native of Panama, has extensive accounting and public company board experience, including her service as Lead Independent Director of an S&P 500 company, which enables her to contribute valuable expertise to the Board and supports oversight of Norfolk Southern’s accounting, finance, governance, strategic planning, and risk management matters, which are integral to the execution of our strategy. Ms. Donadio’s 25-year experience as an Audit Partner at Ernst & Young is important to the Board, particularly her service as Chair of the Audit Committee, because she provides deep financial expertise in the oversight of the key accounting and disclosure issues related to operational, legal, and regulatory matters for Norfolk Southern.

Independent Director Since: 2020

Age: 56

Committees:

• Finance and Risk Management
• Human Capital Management and Compensation

Career Highlights
Mr. Huffard is a co-founder and director of Tenable Holdings, Inc., a cybersecurity software company. Mr. Huffard was a co-founder and served as President and Chief Operating Officer and a director of Tenable Network Security, Inc., the predecessor to Tenable Holdings, Inc. from 2002 to 2018, where he was responsible for driving Tenable’s global corporate strategy and business operations and was instrumental in the venture funding and IPO process. From 2018 to 2019, Mr. Huffard focused exclusively on business operations as Chief Operating Officer of Tenable Holdings, Inc.

Key Skills and Expertise
Information Technology, Risk Management, Finance and Accounting, Operational Oversight, Human Resources and Compensation, Strategic Planning, Governmental and Stakeholder Relations, Marketing, Executive Leadership, and Governance/Board

Rationale for Service
Mr. Huffard’s extensive technology, cybersecurity, finance, and senior executive experience supports the Board’s oversight of information technology, risk management, strategic planning, governance, marketing, and financial matters. The wealth of software and cybersecurity experience that Mr. Huffard gained in his role overseeing cybersecurity risk over more than two decades makes a significant contribution to the Board and to the Finance and Risk Management Committee where he has demonstrated leadership in oversight of Norfolk Southern’s information technology and strategic planning matters, including cybersecurity risks, and has engaged management on Norfolk Southern’s information technology and cybersecurity infrastructure and technological innovations which are foundational to our strategy.

Independent Director Since: 2020

Age: 59

Committees:

• Audit
• Executive
• Safety (Chair)

Career Highlights
Mr. Jones served as Corporate Vice President and President of the technology services sector of Northrop Grumman Corporation, a global aerospace and defense technology company, from 2013 through 2019. Previously, he served as Vice President and General Manager of Northrop Grumman’s integrated logistics and modernization division from 2010 through 2012. Mr. Jones also served 26 years in the U.S. Air Force, including as an engineer, systems analyst, communications officer, and maintenance officer, retiring as the Chief of Maintenance for the Connecticut Air National Guard.

Key Skills and Expertise
Information Technology, Operational Oversight, Safety, Governmental and Stakeholder Relations, Strategic Planning, Risk Management, Environmental and Sustainability, Executive Leadership, Finance and Accounting, and Governance/Board

Rationale for Service
As the new Chair of our Safety Committee, Dr. Jones’ senior executive, technology, governmental relations, safety, and operational oversight experience enables him to provide valuable insight into Norfolk Southern’s information technology, safety, strategic planning, operations, and risk management matters. In addition, his extensive experience overseeing technology and safety at Northrop Grumman further contributes to our safety and cybersecurity initiatives including extensive engagement with management on our information technology and cybersecurity infrastructure. Under Dr. Jones’ leadership, the Safety Committee has enhanced governance practices, including increased meeting cadence, expanded field employee engagement, and recalibrated information and data focused on our safety risk profile to enhance safety outcomes and drive management accountability.

Independent Director Since: 2019

Age: 66

Committees:

• Audit
• Executive
• Finance and Risk Management (Chair)

Career Highlights
Mr. Kelleher has been Chairman of the Board of UBS Group AG since April 2022. Previously, he served as President of Morgan Stanley, a leading global financial services firm, from 2016 until his retirement in June 2019. He also served as Chairman and Chief Executive Officer of Morgan Stanley Bank, N.A. until June 2019. Previously, he was President of Morgan Stanley Institutional Securities from 2010 to 2016, CEO of Morgan Stanley International from 2011 to 2016, Chief Financial Officer and Co-Head of Corporate Strategy from 2007 to early 2010, and served as Morgan Stanley’s Head of Global Capital Markets from 2006 to 2007.

Key Skills and Expertise
Finance and Accounting, Strategic Planning, Risk Management, Governance/Board, Human Resources and Compensation, Governmental and Stakeholder Relations, Executive Leadership, and Operational Oversight

Rationale for Service
Mr. Kelleher, a qualified Chartered Accountant, has extensive experience as a senior executive of several global financial institutions which uniquely positions him to advise Norfolk Southern on its governance, financial, strategic planning, and risk management matters and enables him to effectively lead the Finance and Risk Management Committee’s oversight of our capital structure and enterprise risk management program.

Independent Director Since: 1999

Age: 71

Committees:

• Governance and Nominating
• Human Capital Management and Compensation

Career Highlights
Mr. Leer served as the Chief Executive Officer of Arch Coal, Inc., a company engaged in coal mining and related businesses, from 1992 through 2012. He was Chairman of its board from 2006 through 2012 and its Executive Chairman from 2012 through 2014. He then served as Senior Advisor to the President and CEO of Arch Coal from 2014 through 2015. Mr. Leer was a director of Cenovus Energy Inc. until January 1, 2021, and served as the non-executive Chairman of USG Corporation until April 2019. Mr. Leer is a director of Parsons Corporation and has served as their Lead Independent Director since April 2022.

Key Skills and Expertise
Safety, Transportation and Logistics, Governmental and Stakeholder Relations, Strategic Planning, Human Resources and Compensation, Governance/ Board, Environmental and Sustainability, Executive Leadership, and Marketing

Rationale for Service
Mr. Leer’s experience as a senior executive and as Chairman and a director of multiple coal and energy companies, as well as the Lead Independent Director of a public company enables him to advise the Corporation on its governance, strategic planning, environmental, compensation, and stakeholder relations matters.

Independent Director Since: 2008

Age: 75

Committees

• Audit
• Safety

Career Highlights
Mr. Lockhart served as Chairman of the Board, President and Chief Executive Officer of Armstrong World Industries, Inc., and its predecessor, Armstrong Holdings, Inc., a leading global producer of flooring products and ceiling systems, from 2000 until his retirement in February 2010. Mr. Lockhart previously served as Chairman and Chief Executive Officer of General Signal Corporation, a diversified manufacturer, from September 1995 until it was acquired in 1998.

Key Skills and Expertise
Executive Leadership, Environmental and Safety, Finance and Accounting, Governance/Board, Marketing, Risk Management, Strategic Planning, and Transportation and Logistics

Rationale for Service
Mr. Lockhart’s experience as a senior executive and as Chairman and a director of multiple manufacturing companies position him well to advise the Corporation on its strategic planning, governance, environmental and safety, and risk management matters, among others.

Independent Chair Since: 2022

Independent Director Since: 2014

Age: 57

Committees:

• Executive (Chair)

Career Highlights
Ms. Miles has served as Chair of the Board of Norfolk Southern since May 1, 2022, and as a director since 2014. Ms. Miles served as Chief Executive Officer of Regal Entertainment Group, Inc., a leading motion picture exhibitor, from 2009 until its acquisition in March 2018. During that time, she served as a director of Regal and was named Chair of its board in 2015. Ms. Miles previously served as Regal Entertainment’s Executive Vice President, Chief Financial Officer and Treasurer from 2002 to 2009. She is also a director of The Gap, Inc. and Amgen, Inc.

Key Skills and Expertise
Strategic Planning, Governance/Board, Operational Oversight, Executive Leadership, Finance and Accounting, Information Technology, and Marketing

Rationale for Service
Ms. Miles’ extensive experience as a Board Chair, Chief Executive Officer, Chief Financial Officer, and a director of multiple large public companies in the retail and biotechnology sectors, as well as significant experience as a certified public accountant and auditor, makes her highly qualified to serve on the Board and enables her to oversee the activities of the Board and management on behalf of our shareholders. Ms. Miles provides Norfolk Southern and our Board with significant insights related to strategic planning, governance, operations, finance, information technology, and marketing matters, which are critical to support effective oversight of the Company’s balanced approach to safe service, productivity, and growth. Under Ms. Miles’ leadership, the Board has enhanced its shareholder engagement efforts, Board composition and recruitment, and oversight of management, particularly with respect to strategy, talent, and risk management. Ms. Miles is leading the Board through legal and regulatory, safety, compensation, operational, and strategic considerations in the aftermath of the East Palestine derailment.

Independent Director Since: 2019

Age: 62

Committees:

• Human Capital Management and Compensation
• Safety

Career Highlights
Mr. Mongeau served as President and Chief Executive Officer of Canadian National Railway Company (CN), a North American railroad and transportation company, from January 2010 to June 2016 and as a director of CN from October 2009 to June 2016. During his 22- year career at CN, he also served as Executive Vice President and Chief Financial Officer, Vice President Strategic and Financial Planning, and Assistant Vice President Corporate Development. Mr. Mongeau is also a director of Cenovus Energy and Toronto-Dominion Bank. He was formerly a director of Telus from 2017 to 2019.

Key Skills and Expertise
Transportation and Logistics, Executive Leadership, Governmental and Stakeholder Relations, Strategic Planning, Risk Management, Safety, Environmental and Sustainability, Finance and Accounting, Operational Oversight, Governance/Board, Human Resources and Compensation, and Marketing

Rationale for Service
With more than 25 years of experience including as a former director and Chief Executive Officer at a Class I railroad, Mr. Mongeau has an extensive understanding of the industry and the operational, safety, strategic planning, environmental, and governmental and stakeholder relations challenges facing Norfolk Southern in the execution of our strategy. Mr. Mongeau’s extensive industry experience enables him to advise senior management and the Board on these issues, including during regular touchpoints with our operational leadership.

Independent Director Since: 2018

Age: 57

Committees:

• Executive
• Governance and Nominating (Chair)
• Safety

Career Highlights
Ms. Scanlon has been President and Chief Executive Officer and a director of UL Solutions, a global science safety organization, since September 2019. She is the first woman to lead the organization. She previously served as President and Chief Executive Officer of USG Corporation from 2016 until its acquisition in April 2019. During that time, she served as a director of USG. Ms. Scanlon also previously served as President of USG’s international business, President of its L & W Supply Corporation, and Chief Information Officer and Chairman of the Board for USG Boral Building Products.

Key Skills and Expertise
Safety, Environmental and Sustainability, Executive Leadership, Operational Oversight, Governance/ Board, Transportation and Logistics, Strategic Planning, Information Technology, Human Resources and Compensation, Marketing, and Risk Management

Rationale for Service
Ms. Scanlon’s significant executive and board service experience in the product safety testing and manufacturing industries enables her to provide valuable insights into safety, strategic planning, governance, operations, environmental, and transportation matters and to rotate into the position of Chair of our Governance and Nominating Committee. As the Chief Executive Officer of a safetyfocused company, and as the former Chief Executive Officer and director of a public company, she brings important expertise with respect to safety and governance matters.

Director Since: 2022

Age: 56

Committees:

• Executive

Career Highlights
Mr. Shaw has been President of Norfolk Southern Corporation since December 1, 2021, and Chief Executive Officer and director since May 1, 2022. Mr. Shaw has 30 years of experience at Norfolk Southern and most recently served as Norfolk Southern’s Executive Vice President and Chief Marketing Officer from May 2015 until December 2021. Mr. Shaw previously served as Norfolk Southern’s Vice President Intermodal Operations from 2013 to 2015 and has been with Norfolk Southern in various positions since 1994.

Key Skills and Expertise
Operational Oversight, Strategic Planning, Safety, Governmental and Stakeholder Relations, Finance and Accounting, Transportation and Logistics, Marketing, Environmental and Sustainability, Executive Leadership, Governance/Board, Information Technology, and Risk Management

Rationale for Service
Mr. Shaw is one of the freight industry’s most respected leaders, derived from his extensive 30-year career at Norfolk Southern where he has handled significant operational, marketing, and financial matters and currently serves as Norfolk Southern’s President & Chief Executive Officer and a member of the Board. Mr. Shaw’s significant operational and customer-facing experience uniquely positions him to lead Norfolk Southern’s implementation of a new balanced strategy focused on safe service, productivity, and growth. In addition, he provides the Board with valuable insight into Norfolk Southern’s primary operational, safety, strategic, marketing, and governmental and stakeholder relations matters.

Independent Director Since: 2013

Age: 72

Committees:

• Executive
• Governance and Nominating
• Human Capital Management and Compensation (Chair)

Career Highlights
Mr. Thompson served as a government relations consultant for Best Buy Co. Inc., a multinational consumer electronics corporation, from October 2012 to April 2016, and as Senior Vice President and General Manager of BestBuy.com LLC, a subsidiary of Best Buy Co. Inc., from 2002 through 2012, where he led and managed all aspects of strategy, technology, marketing, and logistics for Best Buy’s direct to consumer digital business. Mr. Thompson was formerly a director of Belk, Inc. and Wendy’s International, Inc.

Key Skills and Expertise
Strategic Planning, Transportation and Logistics, Operational Oversight, Information Technology, Governance/Board, Human Resources and Compensation, Governmental and Stakeholder Relations, Executive Leadership, and Marketing

Rationale for Service
Mr. Thompson’s extensive experience as a director and senior executive in multiple customerfacing publicly traded companies enables him to provide us with valuable insight into strategic planning, operations, logistics, information technology, governance, and compensation issues impacting us, resulting in his effective oversight of Norfolk Southern’s key compensation and disclosure issues related to the East Palestine incident.

Full Committee Membership

	Audit Committee	Executive Committee	Finance and Risk Management Committee	Governance and Nominating Committee	Human Capital Management and Compensation Committee	Safety Committee
Thomas D. Bell, Jr.			Member		Member
Mitchell E. Daniels, Jr.		Member		Chair	Member
Philip S. Davidson			Member			Member
Francesca A. DeBiase	Member			Member
Marcela E. Donadio	Chair	Member	Member
John C. Huffard, Jr.			Member		Member
Christopher T. Jones	Member	Member				Chair
Thomas C. Kelleher	Member	Member	Chair
Steven F. Leer				Member	Member
Michael D. Lockhart	Member					Member
Amy E. Miles		Chair
Claude Mongeau					Member	Member
Jennifer F. Scanlon				Member		Member
Alan H. Shaw		Member
John R. Thompson		Member		Member	Chair

• Chair
• Member

The Board of Directors is ultimately responsible for overseeing the primary operational, compliance, financial, strategic, and technological risks facing the Company, including the Company’s corresponding Enterprise Risk Management program (“ERM Program”). The Board of Directors uses the ERM Program to proactively identify, assess, monitor, and mitigate the primary risks, threats, and uncertainties that may impact the Company’s business objectives. Management has created an Enterprise Risk Council, composed of executive leadership. The Enterprise Risk Council coordinates with business leaders across the Company to assess and mitigate enterprise risks and provides periodic reports to the Finance and Risk Management Committee regarding its activities and findings. Management has further created cross functional risk working groups comprised of senior departmental leaders who meet quarterly to discuss internal and external developments and emerging and enterprise risks within each of the Company’s five primary risk categories.

Subject to the Board’s ultimate oversight and accountability, and notwithstanding its periodic receipt of reports and recommendations regarding ERM-related matters, the Board has delegated specific risk management oversight responsibilities to its various committees, as set forth below. The Board and its committees are authorized to engage outside advisors to assist in performing such risk management oversight duties, with the Board and the Finance and Risk Management Committee being further authorized to conduct related risk assessments at any time. The Company also made significant improvements to the ERM Program during 2023, including creating the cross functional risk working groups, creating a crisis management playbook, and developing quarterly and monthly metrics tied to our primary risks to facilitate monitoring. The Board has also implemented the additional risk management efforts with respect to technology and cybersecurity matters described further below.

View Committee Charters

The Board has delegated oversight of the ERM Program to the Finance and Risk Management Committee, including to:

• Request and receive periodic reports from management on the Company’s overall risk monitoring and mitigation activities, including but not limited to technology risks (related to cybersecurity, cyber incident response, information technology resilience, and the adequacy and effectiveness of the Company’s information technology policies);
• Discuss with management the relationship between the Company’s risk appetite and business strategies;
• Recommend to the Board processes and procedures for the ERM Program;
• Recommend to the Board and the Governance and Nominating Committee the specific Board committee that should be allocated the management and oversight responsibility for specific identified risk areas; and
• Assist the Audit Committee with its related responsibilities, including to review the Company’s major financial risk exposures.

The Board has delegated responsibility to the Audit Committee to discuss the Company’s (i) guidelines and policies with respect to risk assessment and management, and (ii) major financial risk exposures and management’s efforts to monitor and control such exposures.

The Board has delegated oversight of the Company’s sustainability and climate change risks to the Governance and Nominating Committee, including (i) legislative and regulatory efforts to limit greenhouse gas emissions, (ii) volatility in energy prices, and (iii) business interruption for severe weather. Our management and employees otherwise collaborate to identify and mitigate any sustainability and climate change risks, with periodic reports also provided to the Board and the Finance and Risk Management Committee.

The Board has delegated responsibility to the Human Capital Management and Compensation Committee to oversee the Company’s human capital management strategies and programs, as well as to review the Company’s compensation strategy, plans, and programs to ensure that they do not encourage unnecessary or excessive risk taking.

The Board has delegated responsibility to the Safety Committee to oversee risk management related to the Company’s safety programs and practices. The Safety Committee has taken significant steps in 2023 to enhance its oversight of these areas, including increasing meeting cadence with regular updates provided on responsive actions in process, as well as recalibrating the incident management process to enhance fact finding, focusing on root cause analysis, and prioritizing corrective actions.

Technology and Cybersecurity Risk Management Efforts: We have implemented additional processes to address the significant technological and cybersecurity risks we face:

• Management provides periodic reports to the Finance and Risk Management Committee regarding (i) the primary technology risks impacting the Company, including regarding our systems, service resiliency, cybersecurity risks, and the related threat environment, with best practices, cyber readiness, and third-party assessment results also addressed as needed, and (ii) all material or potentially material cybersecurity incidents involving the Company, including root causes and identification of and progress towards remediation activities through completion;
• Our Chief Information Security Officer provides an annual report to the Board highlighting the emerging threat landscape, our progress executing on our defensive cybersecurity strategy, and a review of our cybersecurity incident investigation and response processes;
• Our Chief Information Officer and Chief Information Security Officer lead a team responsible for establishing enterprise-wide security strategy policy, standards, architecture, and processes, including tracking key risk indicators for our primary cybersecurity risks;
• All management employees receive mandatory training on how to identify potential cybersecurity risks and protect the Company’s resources and information which is supplemented by company-wide testing initiatives, including periodic phishing tests; and
• We use a risk-based information security program that helps (i) ensure our defenses and resources are aligned to address the most likely and most damaging potential attacks, (ii) provide support for our organizational mission and operational objectives, and (iii) keep us in the best position to detect, mitigate, and recover from a wide variety of potential attacks in a timely fashion.

Management has day-to-day responsibility for identifying, assessing, managing, and monitoring risks by utilizing enterprise risk management processes and controls, including the Enterprise Risk Council and cross functional risk working groups.

The Corporation has implemented the additional processes below to address the significant cybersecurity risks we face:

• management provides periodic reports to the Board on data protection and cybersecurity matters (in addition to reports provided to the Finance and Risk Management Committee);
• our Chief Information Officer and Chief Information Security Officer lead a team responsible for establishing enterprise-wide security strategy, policy, standards, architecture, and processes, and report to the Board on such matters;
• all management employees receive mandatory periodic training on how to identify potential cybersecurity risks and protect the Corporation's resources and information which is supplemented by company-wide testing initiatives, including periodic phishing tests; and
• we use a risk-based information security program that helps (i) ensure our defenses and resources are aligned to address the most likely and most damaging potential attacks, (il) provide support for our organizational mission and operational objectives, and (ill) keep us in the best position to detect, mitigate, and recover from a wide variety of potential attacks in a timely fashion.

Each new director elected to the Board participates in the newly created NS OnBoard director orientation program, a structured and multi-dimensional process created to assist each new director to provide meaningful oversight as soon as possible following election to the Board. We view this as a strong governance practice overall that differentiates the Company as a potential destination for qualified Board candidates.

The NS OnBoard program consists of the following activities, among others:

• One-on-one meetings with the Board Chair and each Committee Chair to review Board and Committee processes and expectations;
• Multiple sessions with management to review the areas of greatest importance to the Company and its operations, including overall strategy, the competitive landscape, operations, human capital management, regulatory, sustainability, ethics and compliance, safety, information technology, and cybersecurity, among others;
• Site visits to provide enhanced visibility on employee training and railroad operations;
• Education and enrichment opportunities provided in each of the first two years on the Board; and
• A one-on-one meeting with the independent Board Chair after one year of service to review overall performance and development opportunities.

Directors also receive continuing education from time to time through presentations about the Company and new legal and regulatory developments relating to directors. Directors are otherwise encouraged to participate in outside director education seminars at any point during their tenure at the Company’s expense. In addition, directors periodically participate in site visits to our railroad facilities.

Norfolk Southern has a long history of shareholder engagement. We believe that regular engagement with our shareholders allows us to improve our decision making through better understanding of our shareholders’ priorities. During 2023, we expanded our existing shareholder outreach program and reached out to shareholders representing 55% of our outstanding shares, ultimately engaging with shareholders representing approximately 49% of our outstanding shares, a 16% increase from the previous year.

Our outreach program included meetings with members of our investor relations, finance, safety, sustainability, and legal teams, with our independent Board Chair, Safety Committee Chair, and our CEO participating in discussions with our largest shareholders. Our engagement team presented shareholder feedback to our Board of Directors and to our Governance and Nominating Committee or Human Capital Management and Compensation Committee, as appropriate, for further consideration. Our Governance and Nominating Committee further reviewed the process for conducting this outreach program and the results of these shareholder meetings with our Board of Directors. Our investor relations team also regularly participates in investor conferences and has meetings with investment analysts and investors on topics relating to company financial performance to discuss our primary strategic and operational priorities.

Read our Full Proxy Statement