Posts

TSA working on additional pipeline security regulations following Colonial Pipeline hack

Protect yourself from online attacks that threaten your identity, your files, your system, and your financial well-being.


The Transportation Security Administration (TSA) is working on an additional cybersecurity directive for pipeline companies in the wake of the ransomware attack on Colonial Pipeline.



a fenced in area: TSA working on additional pipeline security regulations following Colonial Pipeline hack


© Getty Images
TSA working on additional pipeline security regulations following Colonial Pipeline hack

“We are continuing to develop additional measures for pipeline companies, and we are developing now a second security directive which would have the force of a regulation,” Sonya Proctor, the assistant administrator for Surface Operations at TSA, testified during a hearing held by two House Homeland Security Committee subcommittees on Tuesday.

Loading...

Load Error

The new directive will be the second issued by TSA, with the agency rolling out a directive last month that required pipeline owners and operators to report cybersecurity incidents within 12 hours of discovery to the Cybersecurity and Infrastructure Security Agency (CISA). It also increased coordination between pipeline owners and both CISA and TSA.

Proctor said Tuesday that the upcoming second directive would be classified as more sensitive in nature than the first directive due to “the nature of the mitigating measures that are going to be required.”

She noted that the directive “will require more specific mitigation measures, and it will ultimately include more specific requirements with regard to assessments,” and that TSA inspectors trained in both pipeline operations and cybersecurity will be tasked with ensuring pipeline companies adhere to both directives.

“As recently evidenced, cyber intrusions into pipeline computer networks have the potential to negatively impact our national security, economy, commerce, and wellbeing,” Proctor said as part of her prepared statement for the hearing. “For these reasons, TSA remains committed to securing our Nation’s pipelines against evolving and emerging risks.”

Both directives are being put together by TSA in the wake of the ransomware attack on Colonial Pipeline last month. The company provides 45 percent of the East Coast’s fuel supply, and major gas shortages were seen in several states when Colonial was forced to shut down the entire pipeline for nearly a week to protect operational…

Source…

The Cybersecurity 202: The Colonial Pipeline hack sparks concerns about economic security


Items included $20 billion to help state, local, tribal and territorial governments modernize their energy systems to improve cybersecurity. The plan also earmarks $2 billion to support grid resilience, including cybersecurity defenses, in areas with high risk of power outages, critical infrastructure, and front-line communities.

Source…

National Security Implications of the Colonial Pipeline Hack


This article appeared in Cybersecurity Law & Strategy, an ALM publication for privacy and security professionals, Chief Information Security Officers, Chief Information Officers, Chief Technology Officers, Corporate Counsel, Internet and Tech Practitioners, In-House Counsel. Visit the website to learn more.

It is difficult, if not impossible to think of a comparable cyber event to the one that effectively shut down the fuel pipeline that feeds over a third of the United States. The incident is unprecedented, and it is almost unfathomable that it occurred — despite warnings and longstanding fears about this very type of critical infrastructure incident. As the reports roll in of yet another critical widespread security incident, we are in the midst of a national cyber crisis, in addition to a border crisis, an economic crisis, and a winding pandemic. While we may have blueprints for the resolution of these other crises, things must urgently change on the cybersecurity front.

Source…

With Single Factor Authentication You’re One Step Away from Being the Next Colonial Pipeline

Protect yourself from online attacks that threaten your identity, your files, your system, and your financial well-being.


Security is only as strong as your weakest link. And, as the bad actors know, that weak link is often single factor authentication. Compromised credentials remain the primary root cause of 80% of all data breaches (VBIR). The most recent example is the Colonial Pipeline