Cybersecurity directives being modified for oil, gas pipelines

June 30, 2022
The Transportation Security Administration updated one of the two pipeline cybersecurity directives issued after the 2021 ransomware attack on Colonial Pipeline, and the second directive will be updated in July.

The Transportation Security Administration (TSA) recently updated one of the two pipeline cybersecurity directives it issued after the 2021 ransomware attack on Colonial Pipeline, and the second directive will be updated in July, according to a TSA spokesman.

In late May, TSA updated the required reporting speed for oil and gas pipelines dealing with a cyberattack. The agency in 2021 had required reporting within 12 hours but in its update lengthened the time period to 24 hours.

The second directive required measures to reduce vulnerabilities and increase resilience for both information technology and operational technology. It also required development of contingency and recovery plans and annual third-party tests of the effectiveness of cybersecurity practices. It is to be updated before its July 26 expiration.

“We anticipate the reissued security directive to afford greater flexibility to industry in achieving critical cybersecurity outcomes,” the spokesman said. The updated second directive “will transition to a performance-based model that will enhance security and provide the flexibility needed to ensure cybersecurity advances with improvements in technology.”

He added that TSA is consulting with industry stakeholders and federal partners while modifying the directive.

The update for the second directive was partly in response to what TSA called an “unprecedented” number of alternative measure requests—more than 280.

So far, according to TSA, the agency has not received any notification of an operational disruption caused by a specific security requirement. And the agency said it has received fewer than 10 notifications indicating concern about a potential future disruption.

TSA also intends to issue a notice of proposed rulemaking within the next year with the goal of codifying, for the first time, a number of cybersecurity requirements for pipelines and surface transportation systems.

“This action will protect critical transportation infrastructure from continually evolving and increasingly sophisticated cyber threats,” the spokesman said.

The ransomware attack on Colonial Pipeline in May 2021 revealed security vulnerabilities in the pipeline sector and triggered a 6-day shutdown of the pipeline that ended after Colonial paid a ransom to the DarkSide cybercriminal gang (OGJ Online, May 10, 2021).