Welcome to our

Cyber Security News Aggregator

.

Cyber Tzar

provide a

cyber security risk management

platform; including automated penetration tests and risk assesments culminating in a "cyber risk score" out of 1,000, just like a credit score.

TSA offers peek at second pipeline directive

published on 2021-06-15 21:46:00 UTC by Joe Uchill
Content:
In an aerial view, fuel holding tanks are seen at Colonial Pipeline’s Dorsey Junction Station on May 13, 2021 in Washington, DC. (Photo by Drew Angerer/Getty Images)

At a joint hearing of the House Homeland Security subcommittees on transportation and cybersecurity, a representative of the Transportation Security Agency outlined what to expect from an upcoming security directive for oil and gas pipelines.

The TSA is the agency tasked with pipeline security. After the Colonial Pipeline ransomware incident, it took a landmark step of mandating security practices at pipeline using its emergency authorities. But it did so saying that the first order would soon be followed by a second. Proctor’s glimpse at the second order is the first public preview of that order.

“It will have a lot more detail and be more perscriptive in terms of the mitigation measures required,” said Sonya Proctor, assistant administrator for surface operations for the TSA.

Proctor said that order would be specific enough in its perscriptive requirements that it would be marked security sensitive information, not quite classified but still intended to be kept away from the public eye.

Details emerged after chair of the transportation subcommittee Bonnie Watson Coleman, D-N.J., asked if there was any way to enforce the self-reporting requirements put forth in the first order.

“There is a requirement for companies to conduct a self-assessment as part of those requirements in security directive one. However, we are continuing to develop additional measures for companies and we are developing now a second security directive, which would have the force of a regulation that would require more specific mitigation measures. And it will ultimately include more specific requirements with regard to assessment,” she said, latter adding that the directive would be subject to inspection by the TSA’s principal security investigators.

Elswhere in her testimony, Proctor said that a popular emerging narrative among lawmakers to show Colonial acting abnormally irresponsible was off base. At House and Senate hearings last week as well as the hearing today, lawmakers were particularly incensed by Colonial Pipeline repeatedly rescheduling voluntary security inspections from the TSA before being struck by ransomware. The CEO of Colonial Joseph Blount, explained the delay as the result of COVID-19 and wanting to schedule the inspection for after the company moved locations.

Proctor said delays like this were not out of the ordinary.

“During the pandemic, there were a number of companies that had limited personnel on site, she said. “They considered that personnel on site essential personnel. They did restrict them from a lot of interaction with outsiders.”

The post TSA offers peek at second pipeline directive appeared first on SC Media.

Article: TSA offers peek at second pipeline directive - published over 3 years ago.

https://www.scmagazine.com/home/security-news/ransomware/tsa-offers-peek-at-second-pipeline-directive/   
Published: 2021 06 15 21:46:00
Received: 2021 06 15 22:01:23
Feed: SC Magazine
Source: SC Media
Category: News
Topic: Cyber Security
Views: 10

Custom HTML Block

Click to Open Code Editor