TSA Issues Second Cybersecurity Directive for Pipeline Owners and Operators

The Department of Homeland Security’s Transportation Security Administration (TSA) released a second security directive for additional enhancements to pipeline cybersecurity on July 20, 2021.

According to the Department of Homeland Security’s press release, the July directive requires owners and operators of TSA-designated critical pipelines to (1) implement specific mitigation measures to protect against ransomware attacks and other known threats to information technology and operational technology systems, (2) develop and implement a cybersecurity contingency and recovery plan, and (3) conduct a cybersecurity architecture design review. Secretary of Homeland Security Alejandro N. Mayorkas commented on the directive:

 “Through this Security Directive, DHS can better ensure the pipeline sector takes the steps necessary to safeguard their operations from rising cyber threats, and better protect our national and economic security. Public-private partnerships are critical to the security of every community across our country and DHS will continue working closely with our private sector partners to support their operations and increase their cybersecurity resilience.”

The first directive issued in May required critical pipeline owners and operators to (1) report confirmed and potential cybersecurity incidents to CISA, (2) designate a Cybersecurity Coordinator to be available 24 hours a day, seven days a week, (3) review current practices, and (4) identify any gaps and related remediation measures to address cyber-related risks and report the results to TSA and CISA within 30 days.

Both of these directives are a result of the increased pressure on the federal government to strengthen cybersecurity defenses and regulations following the attack on Colonial Pipeline, who provides nearly 45% of the oil supply on the East Coast. The attack resulted in panic buying of gasoline, fuel supply shortages and is now the focus of developing class action lawsuits, citing inadequate cybersecurity as the basis to sue.  

While there has been no indication of additional directives, it would not be surprising to see additional regulations and legislation proposed in the near future as the federal government continues to try and keep pace with the increasing cyber threats targeting critical infrastructure and supply chain providers.

About Schneider Downs Cybersecurity

The Schneider Downs cybersecurity practice consists of experts offering a comprehensive set of information technology security services, including penetration testing, intrusion prevention/detection review, ransomware security, vulnerability assessments and a robust digital forensics and incident response team. For more information, visit www.schneiderdowns.com/cybersecurity or contact the team at [email protected].

In addition, our Digital Forensics and Incident Response teams are available 24x7x365 at 1-800-993-8937 if you suspect or are experiencing a network incident of any kind