Experts applaud the agency’s new, detailed security requirements for US pipeline operators but question how they will be enforced or monitored.
The Department of Homeland Security’s (DHS) Transportation Safety Administration (TSA) yesterday announced a second security directive that requires owners and operators of TSA-designated critical pipelines to implement cybersecurity measures that help protect against malicious digital incidents. This directive is a more expansive follow-up to an initial pipeline security directive issued on May 27, roughly two weeks after the highly disruptive ransomware attack against Colonial Pipeline.
The initial directive required pipeline companies to report cybersecurity incidents to DHS’s Cybersecurity and Infrastructure Security Agency (CISA). It also required pipeline owners and operators to designate a cybersecurity coordinator available around the clock to coordinate cybersecurity practices and any cybersecurity incidents with TSA and CISA. Finally, that directive required companies to examine their cybersecurity practices and assess risks, identify gaps, develop remediation measures, and report the results to TSA and CISA.
This article appeared in CSO Online. To read the rest of the article please visit here.