Preparing For And Responding To Cybersecurity Incidents: What Critical Pipeline Owners And Operators Need To Do As TSA Announces New Cybersecurity Requirements

Adams and Reese

At Adams & Reese, we take things personally. Our people are connected – to each other, to our clients, our families, and our communities. Our industry-focused practice groups of attorneys and advisors are strategically organized throughout the southern U.S. and Washington, DC.

Adams & Reese professionals are known as practical and personal advisors and advocates who tailor their approach and counsel to the specific needs of each situation and client. Many on our team have years of on-the-job experience within the industries that we serve as executives, professionals, and in-house counsel. Taking a hands-on, personal approach to every issue, challenge and opportunity our clients face, Adams & Reese lawyers and advisors are skilled and ready to help clients achieve their goals and make their lives easier.

Explore Firm Details

On May 27, the Department of Homeland Security's Transportation Security Administration announced a Security Directive designed to "better identify, protect against, and respond to threats

United States Technology

Article Insights

Adams and Reese are most popular:

within Technology topic(s)
with readers working within the Environment & Waste Management industries

On May 27, the Department of Homeland Security's Transportation Security Administration announced a Security Directive designed to "better identify, protect against, and respond to threats to critical companies in the pipeline sector."

The Security Directive comes in the wake of the Colonial Pipeline shutdown following a ransomware attack.

Highlights of the Security Directive

Critical pipeline owners and operators will be required to:

Report confirmed and potential cybersecurity incidents to the DHS Cybersecurity and Infrastructure Security Agency (CISA)
Designate a Cybersecurity Coordinator, to be available 24 hours a day, seven days a week
Review current practices and identify gaps and related remediation measures, and report the results to TSA within 30 days

TSA is also considering additional mandatory measures to assist the pipeline industry in enhancing it cybersecurity programs and practices.

Previous Security Guidance for Pipeline Owners and Operators

CISA Alert "Ransomware Impacting Pipeline Operations". Last year, in the wake of a ransomware attack on the OT systems of a natural gas compression facility, CISA warned operators of how hackers can move between IT and OT networks and disable assets on both networks. The CISA alert recommended that pipeline operators consider several actions to prevent or limit these risks.

TSA Pipeline Security Guidelines. These guidelines, issued in March of 2018 and updated in April of 2021, provide a framework for a corporate security program, risk analysis, and specific facility and cyber asset security measures.
NIST Framework for Improving Critical Infrastructure Cybersecurity. This framework is designed to enable organizations of all types to apply principles and best practices of risk management to improve security and resilience.

Our Privacy, Cybersecurity and Data Management Team will continue to monitor the latest requirements and best practices recommendations for pipeline owners and operators, and provide insights on the efforts of critical infrastructure organizations to build resilience and improve their security programs.

Originally published 27 May 2021.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

[View Source]

Preparing For And Responding To Cybersecurity Incidents: What Critical Pipeline Owners And Operators Need To Do As TSA Announces New Cybersecurity Requirements

Contributor

Technology

Contributor

United States