The Senate Committee on Commerce, Science, and Transportation held a hearing on oil and gas pipeline cybersecurity, receiving testimony from representatives of the Transportation Security Administration, Department of Transportation, and Government Accountability Office.
TSA administrator David Pekoske explained that the latter of two directives his agency issued to pipeline operators – a published one in May, a second in July but mostly unpublished for security reasons – will allow some flexibility but nonetheless “puts a mandate in place for the most critical pipeline systems to do some of those best practices.”
Leslie Gordon, acting director of homeland security and justice at GAO, said TSA has made considerable progress since an earlier scathing audit, but needs more staff and needs to better coordinate with DOT’s Pipeline and Hazardous Materials Safety Administration, which has responsibility for physical pipeline safety.
Polly Trottenberg, Deputy Secretary at DOT, spoke about PHSMA’s efforts following the Colonial Pipeline attack, as the company worked to put its systems back online using manual backup controls. “Now one thing we’re going to be looking at going forward with pipeline operators is can you get up and running manually, should an incident occur, so we can be sure we don’t have those disruptions,” Trottenberg added.
Sources:
- Nextgov: TSA, Transportation Officials Give Insight into New Cybersecurity Mandates for Pipeline Operators
- Federal Computer Week: TSA Ramps up Fuel Pipeline Cyber Strategy
- Healthcare Info Security: Experts Testify on Pipeline Cybersecurity Measures