The latest resilience news from around the world

DHS announces new cyber security requirements for critical US pipeline owners and operators

In response to the ongoing cyber security threat to pipeline systems, DHS’s Transportation Security Administration (TSA) has announced the issuance of a second Security Directive that requires owners and operators of TSA-designated critical pipelines that transport hazardous liquids and natural gas to implement a number of urgent protective actions.

The DHS’s Cybersecurity and Infrastructure Security Agency (CISA) advised TSA on cyber security threats to the pipeline industry, as well as technical countermeasures to prevent those threats. The resulting Security Directive requires owners and operators of TSA-designated critical pipelines to implement specific mitigation measures to protect against ransomware attacks and other known threats to information technology and operational technology systems, develop and implement a cyber security contingency and recovery plan, and conduct a cyber security architecture design review.

This is the second Security Directive that TSA has issued to the pipeline sector this year, building upon an initial Security Directive that TSA issued in May 2021 following the ransomware attack on a major petroleum pipeline. The May 2021 Security Directive requires critical pipeline owners and operators to:

  • Report confirmed and potential cybersecurity incidents to CISA;
  • Designate a Cybersecurity Coordinator to be available 24 hours a day, seven days a week;
  • Review current practices; and
  • Identify any gaps and related remediation measures to address cyber-related risks and report the results to TSA and CISA.

Want news and features emailed to you?

Signup to our free newsletters and never miss a story.

A website you can trust

The entire Continuity Central website is scanned daily by Sucuri to ensure that no malware exists within the site. This means that you can browse with complete confidence.

Business continuity?

Business continuity can be defined as 'the processes, procedures, decisions and activities to ensure that an organization can continue to function through an operational interruption'. Read more about the basics of business continuity here.

Get the latest news and information sent to you by email

Continuity Central provides a number of free newsletters which are distributed by email. To subscribe click here.