"TSA Issues Cybersecurity Requirements for Pipelines"

The U.S. Transportation Security Administration (TSA) issued a directive Tuesday requiring owners and operators of TSA-designated critical pipelines to implement cybersecurity controls.  The latest directive by TSA applies to companies transporting hazardous liquids and natural gas.  This security directive requires owners and operators of TSA-designated critical pipelines to implement specific mitigation measures to protect against ransomware attacks and other known threats to information technology and operational technology systems.  The owners and operators of TSA-designated critical pipelines must also develop and implement a cybersecurity contingency and recovery plan and conduct a cybersecurity architecture design review.  The new TSA requirements build off another DHS directive issued in May following the ransomware attack on Colonial Pipeline Co. The DHS directive required pipelines to report confirmed and potential cybersecurity incidents to CISA, designate a cybersecurity coordinator to be available around the clock, review current practices, and identify gaps and remediation measures to address cyber-related risks.  

Data Breach Today reports: "TSA Issues Cybersecurity Requirements for Pipelines"