Owners and operators of oil and gas pipelines designated as critical must implement “a number of urgently needed protections against cyber intrusions,” the Transportation Security Administration (TSA) announced June 20.
The security directive requires “specific mitigation measures to protect against ransomware attacks and other known threats to information technology and operational technology systems, develop and implement a security contingency and recovery plan, and conduct a cybersecurity architecture design review,” TSA said.
The agency was advised in developing its security directive by the Cybersecurity and Infrastructure Security Agency, both agencies being part of the Department of Homeland Security (DHS).
“Through this security directive, DHS can better ensure the pipeline sector takes the steps necessary to safeguard their operations from rising cyber threats,” Homeland Security Secretary Alejandro Mayorkas said.
TSA did not release the text of the directive along with the announcement, nor has it yet responded to questions about whether the text will be made publicly available.
This is the second security directive issued by TSA to the pipeline sector since a ransomware attack on the Colonial Pipeline in early May. The first directive required pipeline companies to conduct a cybersecurity review, with a late-June deadline for reporting the results (OGJ Online, June 11, 2021).
