Increased security measures for oil and gas pipelines as TSA adjusts its procedures to evaluate resilience.
The Transportation Security Administration (TSA) has issued a new cybersecurity directive for oil and natural gas pipelines, following the high-profile ransomware attack on Colonial Pipeline. This directive aims to prevent disruptions and degradation of critical pipeline infrastructure by implementing three specific cybersecurity measures.
The updated directive builds upon existing recommendations for pipeline cybersecurity, such as those from the Cybersecurity and Infrastructure Security Agency (CISA). It emphasizes the importance of strong perimeter defenses, isolating Industrial Control Systems (ICS) and Supervisory Control and Data Acquisition (SCADA) systems from corporate and internet networks, multi-factor authentication, and robust cyber incident response plans.
One of the key aspects of this directive is its alignment with international standards like IEC 62443, a framework for securing Industrial Automation and Control Systems (IACS) commonly used in oil and gas operations. This move enhances compatibility with U.S. federal requirements and industry best practices.
The new directive comes in response to increasingly sophisticated ransomware attacks, which have targeted operational technology (OT) networks in pipelines, causing operational shutdowns and financial harm. It marks a significant shift towards mandatory cybersecurity regulations by the TSA for pipelines, moving beyond voluntary practices and information sharing to enforceable cyber risk management measures.
Jason Christopher, director of cyber risk at Dragos, praised the updated directive for focusing on performance-based objectives rather than prescriptive ones. However, the directive does not mention specific requirements for testing all cybersecurity measures every three years or submitting an annual cybersecurity assessment plan for review and approval.
The updated directive emphasizes continuous monitoring, performing exercises, and the use of compensating controls, representing improvements for all pipeline owners and operators. It also requires pipeline owners to report the results from prior year assessments every year and include a schedule for assessing and auditing specific cybersecurity measures to ensure they are effective.
Oil and natural gas pipeline owners must now submit an updated cybersecurity assessment plan to the TSA annually for review and approval. The federal partner agencies involved in the new directive include the Cybersecurity and Infrastructure Security Agency and the Department of Transportation.
The directive allows oil and natural gas pipeline owners to use various industry standards they already incorporate, such as the NIST Cybersecurity Framework and the ISA/IEC 62443 series. It seeks to strengthen the resilience of these pipelines and includes input from industry stakeholders and federal partner agencies.
The updated directive does not mention any specific response to the ransomware attack on Colonial Pipeline or any requirement for pipeline owners to report the results from prior year assessments every year and include a schedule for assessing and auditing specific cybersecurity measures.
The oil and gas industry is currently facing heightened risks, including state-linked threats related to the Ukraine war. A recent cyberattack targeted Suncor Energy in Canada, disrupting payment transactions at over 1,500 of its Petro-Canada retail gas stations.
TSA Administrator David Pekoske reiterated the TSA's commitment to securing the nation's transportation system in the face of cyber threats. The updated directive maintains the strong cybersecurity measures already in place for the industry while calling for operators to test previously mandated processes and implementation plans.
In summary, the revised TSA directive mandates targeted cybersecurity enhancements for pipeline operators, focusing on preventing cyber incidents like ransomware attacks that can halt critical fuel delivery systems. It leverages both prescriptive security controls and adherence to recognized industrial cybersecurity standards to strengthen the resilience of these pipelines.
- In light of the ransomware attack on Colonial Pipeline, the Transportation Security Administration (TSA) has issued a new cybersecurity directive for oil and natural gas pipelines, advocating for strict cybersecurity measures to protect against future cyber risks.
- The updated directive aligns with international standards like IEC 62443 and encourages the use of industry standards such as the NIST Cybersecurity Framework and the ISA/IEC 62443 series to secure Industrial Automation and Control Systems (IACS) commonly used in oil and gas operations.
- Crucial components of the new directive include strong perimeter defenses, isolating Industrial Control Systems (ICS) and Supervisory Control and Data Acquisition (SCADA) systems, multi-factor authentication, robust incident response plans, continuous monitoring, exercises, and the use of compensating controls to enhance the resilience of oil and natural gas pipelines against cyber threats.