DHS announces new cyber security requirements for critical US pipeline owners and operators
Published: Thursday, 22 July 2021 09:04
In response to the ongoing cyber security threat to pipeline systems, DHS’s Transportation Security Administration (TSA) has announced the issuance of a second Security Directive that requires owners and operators of TSA-designated critical pipelines that transport hazardous liquids and natural gas to implement a number of urgent protective actions.
DHS’s Cybersecurity and Infrastructure Security Agency (CISA) advised TSA on cyber security threats to the pipeline industry, as well as on technical countermeasures to prevent those threats. The resulting Security Directive requires owners and operators of TSA-designated critical pipelines to implement specific mitigation measures to protect against ransomware attacks and other known threats to information technology and operational technology systems, to develop and implement a cyber security contingency and recovery plan, and to conduct a cyber security architecture design review.
This is the second Security Directive that TSA has issued to the pipeline sector this year, building upon an initial Security Directive that TSA issued in May 2021 following the ransomware attack on a major petroleum pipeline. The May 2021 Security Directive requires critical pipeline owners and operators to:
- Report confirmed and potential cybersecurity incidents to CISA;
- Designate a Cybersecurity Coordinator to be available 24 hours a day, seven days a week;
- Review current practices; and
- Identify any gaps and related remediation measures to address cyber-related risks and report the results to TSA and CISA.