💰💣

Suncor Energy Security Incident

27/07/2023 788 days ago Resolved

Incident Overview

Situation Description

The Transportation Security Administration revised its security directive on cybersecurity for oil and natural gas pipelines due to heightened threats and security incidents, including a recent attack against Suncor Energy.

Event Types

Ransomware Malware / Destructive Attack

Industry Sector

Energy

Geographic Scope

National (Other)

Response Actions

Revised Incident Response Plan Enhanced Third-Party & Supply Chain Risk Management

Impact Analysis

Event Types (2 identified)

Ransomware Malware / Destructive Attack

Financial Impact

$0 USD

Records Affected

Primary Impacts

Operational Disruption

Key Decisions Made

Operators must submit an updated cybersecurity assessment plan to the TSA annually for review and approval.; Operators must report the results from prior year assessments every year and include a schedule for assessing and auditing specific cybersecurity measures.; TSA requires 100% of the owner/operators cybersecurity measures be tested every three years.

Technical Analysis

Attack Method

Unknown

Additional Information

An article from TSA revises security directives for oil, gas pipelines to test resilience The updated requirements come amid heightened threats and security incidents, including the recent attack against Suncor Energy in Canada. Published July 27, 2023 David Jones Reporter post share post print email license In an aerial view, fuel holding tanks are seen at Colonial Pipeline's Dorsey Junction Station on May 13, 2021 in Washington, DC. Drew Angerer via Getty Images First published on Listen to the article 3 min This audio is auto-generated. Please let us know if you have feedback . The Transportation Security Administration revised its security directive on cybersecurity for oil and natural gas pipelines Wednesday. The directive was issued and later renewed following the ransomware attack on Colonial Pipeline . The updated security directive calls for operators to test previously mandated processes and implementation plans . Oil and natural gas pipeline owners must now: Submit an updated cybersecurity assessment plan to the TSA annually for review and approval. Report the results from prior year assessments every year and include a schedule for assessing and auditing specific cybersecurity measures to ensure they are effective. "TSA requires 100% of the owner/operators cybersecurity measures be tested every three years." At least two Cyber Incident Response Plan measures must be tested. Individuals serving in positions identified in the CIRP response plans need to be included in annual exercises. The new directive seeks to strengthen the resilience of these pipeline s and includes input from industry stakeholders and federal partner agencies, including the Cybersecurity and Infrastructure Security Agency and the Department of Transportation. TSA is committed to keeping the nations transportation system secure in this challenging cyber threat environment, TSA Administrator David Pekoske said in the announcement. The revised security directive sustains the strong...

... (truncated for display)

Quick Facts

Company:: Suncor Energy
Date:: 27/07/2023
Status:: Resolved
Decision Maker:: Transportation Security Administration
Position:: nan
Published:: 27/07/2023

Source Information

Original Query

TSA pipeline security directive implementation audit reports post-Colonial attack

View Original Source

Timeline

Information Published

27/07/2023

Incident Occurred

27/07/2023 (788 days ago)

Status: Resolved

Estimated resolution based on age

Actions

View Company Profile

Navigation

Quick Stats