💰💣

Transportation Security Administration (TSA) Security Incident

27/07/2023 788 days ago Resolved

Incident Overview

Situation Description

The TSA has issued an amended directive on pipeline security, SD-Pipeline-2021-02D, in response to the Colonial Pipeline ransomware attack.

Event Types

Ransomware Malware / Destructive Attack

Industry Sector

Energy

Geographic Scope

National (US)

Response Actions

Revised Incident Response Plan Enhanced Third-Party & Supply Chain Risk Management

Impact Analysis

Event Types (2 identified)

Ransomware Malware / Destructive Attack

Financial Impact

$0 USD

Records Affected

Primary Impacts

Operational Disruption

Key Decisions Made

Owners and operators must now test at least 30% of measures and capabilities implemented under a Cybersecurity Assessment Plan (CAP), with 100% to be tested over any three-year period.; Owners and operators must create a CAP Report and provide it to the TSA for annual review.; Owners and operators must reassess whether their systems qualify as Critical Cyber Systems after a change in operations and notify the TSA accordingly within 60 days.

Technical Analysis

Attack Method

Unknown

Additional Information

Home Insights Resilience Reimagined: TSA Amends Critical Pipeline Security Directive Resilience Reimagined: TSA Amends Critical Pipeline Security Directive Insight V&E Cybersecurity Update August 2, 2023 Insight V&E Cybersecurity Update August 2, 2023 The Department of Homeland Securitys Transportation Security Administration (TSA) has issued an amended directive on pipeline security, SD-Pipeline-2021-02D (the Directive). The Directive is based on and supersedes the previous directive, SD-Pipeline-2021-02C, and is the latest in a series of TSA directives issued in the wake of the Colonial Pipeline ransomware attack. As before, the Directive applies to TSA-designated hazardous liquid and natural gas pipelines or liquefied natural gas facilities. The newly amended Directive took effect on July 27, 2023 and expires July 27, 2024. If the TSA identifies new in-scope owners and operators, the TSA will provide specific compliance deadlines for the requirements of the Directive. Significant Changes The Directive continues to require owners and operators of critical pipelines and liquified natural gas facilities to implement cybersecurity measuressuch as reporting incidents, designating a cybersecurity coordinator, and reviewing current practicesin an effort to improve resiliency. The newly amended Directive introduces four significant changes. New Cybersecurity Assessment Plan First, the Directive now requires a Cybersecurity Assessment Plan (CAP), as opposed to the program required by earlier iterations. 1 Owners and operators must now test at least 30% of measures and capabilities implemented under a CAP, with 100% to be tested over any three-year period. In addition, owners and operators must create a CAP Report and provide it to the TSA for annual review. This CAP Report must include results of CAP assessments and disclose implemented methodology. Alternative Measures Questioned Second, the Directive removes the alternative measures safe harbor present in earlier...

... (truncated for display)

Quick Facts

Company:: Transportation Security Administration (TSA)
Date:: 27/07/2023
Status:: Resolved
Decision Maker:: Transportation Security Administration (TSA)
Position:: nan
Published:: 2/08/2023

Source Information

Original Query

TSA pipeline security directive changes following Colonial Pipeline attack

View Original Source

Timeline

Information Published

2/08/2023

Incident Occurred

27/07/2023 (788 days ago)

Status: Resolved

Estimated resolution based on age

Actions

View Company Profile

Navigation

Quick Stats