Articles

TSA issues second cybersecurity directive for pipeline companies

Experts applaud the agency’s new, detailed security requirements for US pipeline operators but question how they will be enforced or monitored.

The Department of Homeland Security’s (DHS) Transportation Safety Administration (TSA) yesterday announced a second security directive that requires owners and operators of TSA-designated critical pipelines to implement cybersecurity measures that help protect against malicious digital incidents. This directive is a more expansive follow-up to an initial pipeline security directive issued on May 27, roughly two weeks after the highly disruptive ransomware attack against Colonial Pipeline.

The initial directive required pipeline companies to report cybersecurity incidents to DHS’s Cybersecurity and Infrastructure Security Agency (CISA). It also required pipeline owners and operators to designate a cybersecurity coordinator available around the clock to coordinate cybersecurity practices and any cybersecurity incidents with TSA and CISA. Finally, that directive required companies to examine their cybersecurity practices and assess risks, identify gaps, develop remediation measures, and report the results to TSA and CISA.

This article appeared in CSO Online. To read the rest of the article please visit here.

Photo by Mike Benna on Unsplash

Articles

Feds seize $2.3 million in cryptocurrency wallet reportedly used…

The successful seizure could encourage other victims to better cooperate with federal agencies and cause ransomware gangs to rethink their operations.

The Justice Department announced yesterday that it had seized 63.7 bitcoins currently valued at approximately $2.3 million that allegedly represents some portion of a May 8 payment by the Colonial Pipeline company to DarkSide ransomware attackers. Colonial Pipeline admitted paying the cybercriminals a total ransom of around $4.4 million in bitcoin to restore full functionality to its systems following the crippling ransomware attack announced by the company on May 7.

The Special Prosecutions Section and Asset Forfeiture Unit of the US Attorney’s Office for the Northern District of California seized the bitcoin wallet after a magistrate judge for the Northern District of California authorized a seizure warrant. News of the wallet seizure came as little surprise given that the DarkSide attackers themselves foreshadowed it when they announced in mid-May that the group lost control over some of its servers, including a payment server, and was shutting down due to “pressure” from the United States. At that time, DarkSide also stated that some of its funds had been withdrawn to an unknown account.

This article appeared in CSO Online. To read the rest of the article please visit here.

 

Articles

TSA’s pipeline cybersecurity directive is just a first step…

The new, hastily announced security directive requires US pipeline companies to appoint a cybersecurity coordinator and report possible breaches within 12 hours.

The Transportation Safety Administration (TSA), an arm of the US Department of Homeland Security (DHS), released a Security Directive on Enhancing Pipeline Cybersecurity. TSA released the document two days after the Biden administration leaked the details of the regulations and less than a month after the ransomware attack on Colonial Pipeline created a significant gas shortage in the Southeast US.

As a result of post-9/11 government maneuvering, the TSA gained statutory authority to secure surface transportation and ensure pipeline safety. The directive follows largely ineffective, voluntary pipeline security guidelines established by the TSA in 2010 and updated in 2018.

This new regulation requires that designated pipeline security companies report cybersecurity incidents to the DHS’s Cybersecurity and Infrastructure Security Agency (CISA) no later than 12 hours after a cybersecurity incident is identified. The TSA estimates that about 100 companies in the US would fall under the directive’s mandates.

This article appeared in CSO Online. To read the rest of the article please visit here.

 

Articles

Colonial Pipeline shutdown highlights need for better OT cybersecurity…

Experts weigh in on what the Colonial attack teaches critical infrastructure providers about preparation and incident response.

In one of the most disruptive cybersecurity incidents to take place in the United States, Georgia-based Colonial Pipeline announced late Friday that it was the victim of a cyberattack, later confirmed to be a ransomware attack. The company said it proactively took specific systems offline and halted all pipeline operations.

Colonial called in federal authorities and hired FireEye Mandiant to conduct an incident response investigation. On Sunday, the third day of its shutdown, Colonial said it was developing a system restart plan while keeping its four main oil lines offline. The company said it would bring its “full system back online only when we believe it is safe to do so, and in full compliance with the approval of all federal regulations.”

News of Colonial’s shutdown reverberated all weekend throughout the cybersecurity world, given how critical Colonial’s pipeline business is to the nation’s economic health. Colonial transports 2.5 billion barrels of oil per day to the eastern US and connects to 30 refineries and almost 300 distribution terminals. It carries gas and other fuel from Texas to the Northeast, delivering around 45% of the fuel consumed on the East Coast.

The criticality of Colonial Pipeline to the national infrastructure became clear late Sunday when the Biden administration issued emergency waivers in response to the cyberattack, lifting limits on the transportation of fuels by road as fears of shortages begin to put upward pressure on oil and gas prices. Commerce Secretary Gina Raimondo said that the President had been briefed, and it’s an “all-hands-on-deck” situation to ensure the attack doesn’t disrupt the US oil supply.

This article appeared in CSO Online. To read the rest of the article please visit here.

Photo by SELİM ARDA ERYILMAZ on Unsplash