TSA imposes new cyber rules on pipeline operators – FCW
Fuel pipeline operators will need to institute measures to guard against ransomware attacks and other known cybersecurity threats under a new guideline released Tuesday by the Transportation Security Agency.
This is the second directive issued by the TSA following the ransomware attack on corporate computer systems at Colonial Pipeline in May, which resulted in the suspension of pipeline operations for about a week.
The first directive, released on May 27, instituted mandatory reporting requirements covering “confirmed and potential” cybersecurity incidents at pipeline operators. The second directive, which was previewed at a congressional hearing in June, requires pipeline operators designated by TSA as critical to implement mitigation measures against known threats to computer systems and technological operations and to establish plans to recover from a cyber attack and review their “cybersecurity architectural design.”
At the June hearing, Sonya Proctor, TSA’s deputy surface operations administrator, said the directive would be a “security sensitive information” document and would not be fully made public and “will be rather prescriptive in terms of mandatory mitigation measures.”
The stakes are high. As the Colonial ransomware attack turned out to be the work of a group of hackers, the FBI and the Cybersecurity and Infrastructure Security Agency on July 20 released new details about a spearphishing campaign conducted between 2011 and 2013 targeting oil and natural gas pipeline companies, and attributed the attack to a group linked to the Chinese military. Reports at the time indicated that federal officials believed China was responsible for the intrusions.
The report states that “China has successfully gained access to the Supervisory Control and Data Acquisition (SCADA) networks of several US pipeline companies,” and that the campaign was “likely to gain strategic access to the ICS networks for future operations rather than for theft of intellectual property.”
The attribution of this campaign to China is part of a larger effort by the United States and NATO allies to publicize and potentially deter what the White House calls “China’s irresponsible and destabilizing behavior in cyberspace.” This effort includes attributing a hack of Microsoft Exchange servers to Chinese state-sponsored actors.
A spokesperson for the Chinese Foreign Ministry dismissed the push by the White House and NATO as an effort to “smear and suppress China for political gain.”
TSA’s own role in regulating the cybersecurity of liquid fuel and natural gas pipelines, a task that may seem out of step with its primary function of air passenger security screening, has taken on new urgency given the Colonial Pipeline hack and the global threat environment.
Richard Glick, the chairman of the Federal Energy Regulatory Commission who called for more mandatory regulation of pipeline cybersecurity after the Colonial Pipeline hack, applauded the TSA’s decision.
“I am pleased to see the actions taken today, including mandatory standards, by the TSA to protect the security of our nation’s critical energy infrastructure,” Glick said in an emailed statement to FCW.
Some in Congress have been pushing for the TSA’s role in pipeline cybersecurity to be taken over by the CISA or the Department of Energy. A bipartisan bill recently passed by the House Energy and Commerce Committee calls on the Department of Energy to lead the coordination of the safety and resiliency of the pipeline industry’s assets. The bill directs the DOE to coordinate the federal, state and local response to cyber incidents affecting the energy sector.
Karen Evans, who headed the Department of Energy’s cybersecurity, energy security and emergency response office during the Trump administration and served as DHS CIO, defended the current arrangement in a May 12 FCW article.
“It makes sense if you work it from the inside out,” Evans said. “There are a bunch of other things that come into play, not just cyber.”
Adam Mazmanian is editor-in-chief of FCW.
Prior to joining the editorial team, Mazmanian was a writer at FCW covering Congress, government-wide technology policy, and the Department of Veterans Affairs. Prior to joining FCW, Mazmanian was a technology correspondent for the National Journal and held various editorial positions at the B2B SmartBrief news service. Mazmanian has written reviews and articles for The Washington Post, Washington City Paper, Newsday, New York Press, Architect Magazine, and other publications.