Mike Mareen | Shutterstock

A second directive issue by TSA in July requires owners and operators of designated critical pipelines to implement specific mitigation measures to protect against ransomware attacks and other known threats to information technology and operational technology systems. Additionally, covered pipeline owners and operators must develop and implement a cybersecurity contingency and recovery plan, and conduct a cybersecurity architecture design review. Because the July directive requires the covered pipeline owners and operators to implement specific cybersecurity practices, this directive is designated as “security sensitive,” and a DHS spokesperson has reported that its distribution will be limited to those with a need to know.

Source: