Powering Strong Communities

TSA requires pipeline owners, operators to report cybersecurity incidents

The Department of Homeland Security’s (DHS) Transportation Security Administration (TSA) on May 27 unveiled a security directive that will require critical pipeline owners and operators to report confirmed and potential cybersecurity incidents to the DHS Cybersecurity and Infrastructure Security Agency (CISA) and to designate a cybersecurity coordinator, to be available 24 hours a day, seven days a week. 

The directive will also require critical pipeline owners and operators to review their current practices as well as to identify any gaps and related remediation measures to address cyber-related risks and report the results to TSA and CISA within 30 days, DHS said.

TSA is also considering follow-on mandatory measures “that will further support the pipeline industry in enhancing its cybersecurity and that strengthen the public-private partnership so critical to the cybersecurity of our homeland,” DHS noted.

DHS noted that since 2001, TSA has worked closely with pipeline owners and operators as well as its partners across the federal government to enhance the physical security preparedness of U.S. hazardous liquid and natural gas pipeline systems.

The new TSA security directive “also highlights the critical role that CISA plays as the country’s national cyber defense center,” DHS said. Last December, Congress, through the National Defense Authorization Act, empowered CISA to execute its mission to secure federal civilian government networks and the nation’s critical infrastructure from physical and cyber threats, DHS noted.

Colonial Pipeline was the recent victim of a cybersecurity attack involving ransomware. Colonial Pipeline initiated the restart of pipeline operations at approximately 5 p.m. ET on Wednesday, May 12. “Since that time, we have returned the system to normal operations, delivering millions of gallons per hour to the markets we serve,” it said in a May 15 tweet.

Ransomware is a very familiar threat to the public power segment of the industry and APPA held a webinar on April 21 of this year, with the Cybersecurity and Infrastructure Security Agency. The slide deck and the recording can be accessed here. Additionally, the Electricity Information Sharing and Analysis Center (E-ISAC) in February of this year released a report labeled Ransomware Trends for Utilities and APPA encourages public power utilities to review this resource.

APPA continues to stress the importance of public power utilities joining the E-ISAC for timely and actionable sharing of threats to the electricity subsector. To learn more about the E-ISAC and how to join, visit the E-ISAC website or contact E-ISAC Member Services.

Any questions can be directed to: [email protected].