Can Critical Infrastructure Companies Prevent Ransomware Attacks?


Can critical infrastructure pipeline owners and operators flat out prevent another ransomware attack similar to the one that knocked Colonial Pipeline on its back for five days?

The answer: No. But the Department of Homeland Security’s (DHS) Transportation Security Administration (TSA) is getting there, issuing a security directive that requires owners and operators of critical infrastructure pipelines to implement specific mitigations to protect against ransomware attacks. The agency has also ordered critical pipeline owners and operators to:

  • Develop and implement a cybersecurity contingency and recovery plan.
  • Conduct a cybersecurity architecture design review.

The order is particularly important to managed security service providers (MSSPs) engaging customers in the energy sector and other critical infrastructure segments.

“The lives and livelihoods of the American people depend on our collective ability to protect our nation’s critical infrastructure from evolving threats,” said DHS secretary Alejandro Mayorkas of the new TSA directive. “Through this security directive, DHS can better ensure the pipeline sector takes the steps necessary to safeguard their operations from rising cyber threats, and better protect our national and economic security,” he said.

TSA Doubles Down On U.S. Pipeline Infrastructure Security

It’s the second security-related command that TSA has directed at the pipeline sector in the past two months. Last May, in the immediate wake of the Colonial Pipeline ransomware attack, TSA issued its first-ever mandatory security order aimed at shoring up the nation’s oil and gas pipelines to repel cyber offensives. The instruction requires critical pipeline owners and operators to report confirmed and potential cybersecurity incidents to DHS’ Cybersecurity and Infrastructure Agency (CISA). In addition:

  • Owners and operators must designate a 24/7/365 cybersecurity coordinator.
  • Critical pipeline owners and operators will be required to review their current practices and identify any gaps and related remediation measures to address cyber-related risks.
  • Results must be reported to TSA and CISA within 30…
