The Transportation Security Administration on July 20 imposed additional cybersecurity requirements on owners of major oil pipelines, this time focusing on ransomware. This is the second time the Department of Homeland Security’s Transportation Security Administration has issued a security directive to owners of critical pipelines since a ransomware attack on the Colonial pipeline in May, which sparked panic buying amid fears of fuel shortages. The specific requirements of the directive have not been released publicly.
A DHS statement says the security directive requires TSA-designated owners and operators of critical pipelines to implement specific mitigations to prevent ransomware attacks and other known threats to IT (information technology) and OT (operational technology) systems, develop and implement cybersecurity contingency and recovery plans, and conduct cybersecurity architecture design reviews.
The same month the Colonial Pipeline was attacked, on May 27, the TSA issued its first Pipeline Industry Cybersecurity Directive. The TSA said it would fine certain pipeline owners — an estimated 100 companies — if they failed to meet cybersecurity guidelines. Among other requirements, the TSA requires these operators to report cybersecurity incidents.
“The lives and livelihoods of the American people depend on our collective ability to protect the nation’s critical infrastructure from evolving threats,” Homeland Security Secretary Alejandro N. Mayorkas said in a statement issuing the second pipeline industry cybersecurity directive. “Through this security directive, DHS can better ensure that the pipeline sector takes the necessary steps to protect its business from rising cyber threats and better protect our national and economic security. Public-private partnerships are vital to every community in our country. Security is critical to the safety of all countries, and DHS will continue to work closely with private sector partners to support their operations and improve their cybersecurity resilience.”
DHS’ Cybersecurity and Infrastructure Security Agency (CISA) advised TSA on cybersecurity threats facing the pipeline industry, and on technical countermeasures to prevent those threats, during the development of the second security directive. The security directive requires owners and operators of TSA-designated critical pipelines to implement specific mitigation measures to prevent ransomware attacks and other known threats to information technology and operational technology systems, develop and implement cybersecurity contingency and recovery plans, and conduct a network security architecture design review.
This is the second security directive issued by the TSA this year, building on the first issued following a ransomware attack on major oil pipelines in May 2021. The May 2021 Security Directive requires critical pipeline owners and operators to (1) report confirmed and potential cybersecurity incidents to CISA; (2) designate a cybersecurity coordinator to be on call 24 hours a day, 7 days a week; (3) review current practices; and (4) identify cyber risk vulnerabilities and related remediation measures, and report results to TSA and CISA within 30 days.
Since 2001, TSA has worked closely with pipeline owners and operators and partners across the federal government to strengthen the physical security of America’s hazardous liquid and natural gas pipeline systems. TSA works closely with CISA, the U.S. lead agency for protecting critical infrastructure from cybersecurity threats, to carry out this mission.
The Department of Homeland Security had hinted in its announcement of the original directive that more directives could be coming. The Washington Post first reported on the TSA’s additional requirements.
The second TSA directive comes as both Biden administration officials and members of Congress have said they are increasingly interested in broader cybersecurity regulation.
The U.S. House of Representatives Homeland Security Committee approved a bill in May that would create a pipeline safety unit within the Transportation Security Administration. Lawmakers have also been considering legislation to require critical infrastructure owners and others to report cybersecurity incidents.
The TSA directive also comes as the Biden administration ramps up its efforts to crack down on ransomware. Last week, the White House announced a series of measures taken by an interagency ransomware task force.
On July 20, the U.S. government blamed state-backed cyber threat actors including Russia, China and Iran for several past attacks involving industrial control systems (ICS). The U.S. Federal Bureau of Investigation (FBI) and the U.S. Cybersecurity and Infrastructure Security Agency (CISA) have released a new joint report on the hacking of natural gas pipelines between 2011 and 2013. Additionally, CISA updated five reports published between 2012 and 2017, blaming multiple countries for malware and malicious activity. The new report similarly frames Chinese hackers for spear-phishing and intrusion operations against U.S. oil and gas pipeline companies between December 2011 and 2013.
On July 19, local time, the United States, in coordination with major allies, including the United Kingdom, EU members and NATO members, released a new joint report accusing China of so-called “harmful behavior” and “irresponsible national performance” in cyberspace. Using the false multilateralism that the current US administration understands, it tries to replicate the method of “calling and criticizing” that was used during the Obama administration and has been proven to be ineffective, in order to bully China with the rules of the cyberspace game. The Chinese government, industry associations, and mainstream media strongly protested and refuted the US move. In fact, China is the biggest victim of cyber attacks, and the United States is the “number one hacker” in outright cyber attacks.