TSA Official: Feds Improved Cybersecurity Response Post-Colonial Pipeline

US Transportation Security Agency (TSA) administrator reflects on how the Colonial Pipeline incident has moved the needle in public-private cooperation.

In the wake of the ransomware attack on the Colonial Pipeline, the US Transportation Security Agency — the agency that regulates pipelines as well as air travel, railways, highways, and mass transit systems — brought together the CEOs of more than two dozen critical pipeline operators for a top-secret briefing in the White House.
The TSA planned to hand down security directives to drive pipeline operators to enhance security, and they knew those companies CISOs would have to ask their CEOs for more resources and higher priority, David Pekoske, administrator of the Transportation Security Administration, told attendees at the Hack the Capitol conference in McLean, Va. on May 11.
During that meeting, the TSA and other administration officials outlined the threat to critical infrastructure and why the pipeline operators needed to work with the government to make pipeline operations more resilient, he said.
We knew we were going to be asking a lot of the industry — we want the CEOs themselves to see what the threat was, or see why we were so concerned about this, Pekoske said. I would label that as an absolute best practice, because that really paved the way for rapid implementation and really paved the way for continued top-level communications between myself and those CEOs.
The TSA took the same approach to each of its critical infrastructure sectors as well, which resulted in creating a better approach to implementing a concept to which the government has repeatedly referenced for more than a decade: The public-private partnership. Along with cybersecurity experts at the Joint Cyber Defense Collaborative (JCDC) and government officials with the Department of Homeland Securitys Cybersecurity and Infrastructure Security Agency (CISA), the TSA worked with critical-infrastructure operators and industrial control systems partners to adapt its approach to cybersecurity, Pekoske told attendees.
We have pivoted over the course of these two years to become, in our view, even more effective in cybersecurity with our partners in the transportation sector, he said. The goal is to build resiliency within that infrastructure sector, so that if attacked, the services that the critical infrastructure sector provides could come back online quickly.
Following
the Colonial Pipeline attack
, the TSA initially focused on prescribing specific cybersecurity measures, but quickly realized — after listening to industry feedback — that if the agency maintained that approach, the technology would change in the next 12 to 18 months, leaving their recommendations outdated.
We cant turn the crank on the regulatory process within that time frame, he said. So instead, weve gone into this performance-based model, which is something that the national cyber strategy calls for and is really, I think, the way to go.
The performance-based model requires that specific outcomes be achieved, including focusing on resiliency, creating a cybersecurity implementation plan, establishing regular cyber assessments, and creating a plan for response, Pekoske said.
Working with industry, meeting with cybersecurity teams and executives, and understanding their business concerns are all critical to creating a resilient cyber infrastructure, he told
Hack the Capitol attendees
.
To me, success as the administrator is when somethings really bothering a CEO, that person feels like they can call me and just say, Hey, Im hearing this, Im really concerned about it. Can you help me out here? he said. As a taxpayer, thats kind of really what I think ought to happen in government ... you can always make 10 or 15 minutes, particularly for somebody whos running a critical piece of our national infrastructure.

Last News
▸ ArcSight prepares for future at user conference post HP acquisition. ◂ Discovered: 07/01/2025 Category: security	▸ Samsung Epic 4G: First To Use Media Hub ◂ Discovered: 07/01/2025 Category: security	▸ Many third-party software fails security tests ◂ Discovered: 07/01/2025 Category: security

**Cyber Security Categories**
Google Dorks Database	Exploits Vulnerability	Exploit Shellcodes

CVE List

Tools/Apps

News/Aarticles

Phishing Database

Deepfake Detection

Trends/Statistics & Live Infos

Tags:
TSA Official: Feds Improved Cybersecurity Response Post-Colonial Pipeline