The Transportation Security Administration has issued a Security Directive that will enable the Department of Homeland Security to better identify, protect against, and respond to threats to critical companies in the pipeline sector. The directive requires critical pipeline owners and operators to report confirmed and potential cybersecurity incidents to the Cybersecurity and Infrastructure Security Agency and to designate a Cybersecurity Coordinator, who must be available 24 hours a day, seven days a week. The directive also requires critical pipeline owners and operators to review their current practices, identify any gaps and related remediation measures, and report the results to TSA and CISA within 30 days.
TSA is also considering additional mandatory measures that would help the pipeline industry strengthen cybersecurity and the public-private partnership.
Sources:
- Department of Homeland Security: DHS Announces New Cybersecurity Requirements for Critical Pipeline Owners and Operators
- Breaking Defense: DHS Cyber Order Signals Shift To ‘Mandatory Measures’
- Federal News Network: US Pipelines Ordered to Increase Cyber Defenses After Hack
- Nextgov: Pipeline Companies Have One Week to Identify Cybersecurity Coordinators Under TSA Directive
- CyberScoop: TSA Cyber Requirements Would Fine Pipeline Operators for Lax Security Practices