TSA Updates Pipeline Cybersecurity Requirements

  /     /     /  
Publicated : 23/11/2024   Category : security


TSA Updates Pipeline Cybersecurity Requirements


The updates will require pipeline owners and operators to do more than just plan for potential cyberattacks; now, those plans will need to be tested.



A year after the Transportation Security Administration (TSA) 
updated requirements
 for pipeline owners and operators to improve their defenses against cyberattacks in the wake of the Colonial Pipeline debacle, it has released an updated version with additional cybersecurity requirements to be fulfilled. 
Owners and operators will now be required to enhance cyber resilience through implementation of a TSA-approved Cybersecurity Implementation Plan (CIP), along with testing of at least two objectives in the proposed plans.
TSA administrator 
David Pekoske
 said that while earlier versions of the policy required these processes and plans to be developed, owners and operators are now required to actually test the plans and evaluate them. The plans, a schedule for assessing and auditing those cyber measures, and a report of the previous years assessment will all be required to be submitted annually. 
All of the existing requirements, such as reporting significant cyber-related incidents to CISA, designating a point of contact, and conducting a vulnerability assessment, will also remain in place.
These changes continue to roll in years after the 
Colonial Pipeline hack
, which exposed severe cyber vulnerabilities in critical infrastructure that threat actors are all too willing to take advantage of. 
This revision retains the transition to a more flexible, performance-based approach requiring all Owner/Operators to submit a Cybersecurity Implementation Plan for TSA approval. All currently identified critical Owner/Operators have a 
TSA-approved Cybersecurity Implementation Plan
 in place, stated the 
US Department of Homeland Security memorandum


Last News

▸ IoT Devices on Average Have 25 Vulnerabilities ◂
Discovered: 23/12/2024
Category: security

▸ DHS-funded SWAMP scans code for bugs. ◂
Discovered: 23/12/2024
Category: security

▸ Debunking Machine Learning in Security. ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
TSA Updates Pipeline Cybersecurity Requirements