TSA ramps up fuel pipeline cyber strategy

David Pekoske, administrator of the Transportation Security Administration, told the Senate Commerce Committee on Tuesday that the agency has received responses from all of the energy pipeline companies tasked with reporting cybersecurity incidents, assigning a cybersecurity coordinator to be on call and reviewing their existing cybersecurity practices under a May 20 directive.

TSA's role in regulating the cybersecurity of U.S. pipeline infrastructure has been under increased scrutiny since the ransomware attack targeting the business IT systems of Colonial Pipeline, which led to the halting of gas to service stations in much of the East Coast in early May.

Pekoske also explained that TSA's second security directive issued in June, most of which is non-public, involves a look at "whether or not a business IT system might bridge into an operating technology system, which could, in the case of a pipeline, affect the flow of product through that pipeline."

Sen. Maria Cantwell (D-Wash.), the chair of the committee, noted that pipeline security appeared to be a neglected part of TSA's operations, which largely focus on security screening for air travelers.

"At one point, TSA only had six individuals working in the pipeline security group and that number has now grown to 34, but they're covering 2.7 million miles of pipeline, and we need to increase our accountability over this issue," Cantwell said at the hearing.

Leslie Gordon, acting director of Homeland Security and Justice at the Government Accountability Office, told lawmakers that TSA had made progress in addressing outstanding recommendations about pipeline cybersecurity from reports dating back to 2018, but that the new directives may create additional workforce needs.

"This security directive is placing significant additional cybersecurity requirements on private sector-owned pipeline owner-operators and likely will generate additional information for TSA on cybersecurity needs and likely add to TSA's volume of work," Gordon said at the hearing.

Gordon also noted that the security measures promulgated in the TSA directives "do not include several known mitigation strategies for current cyber threats, including ransomware attacks."

About the Author

Adam Mazmanian is executive editor of FCW.

Before joining the editing team, Mazmanian was an FCW staff writer covering Congress, government-wide technology policy and the Department of Veterans Affairs. Prior to joining FCW, Mazmanian was technology correspondent for National Journal and served in a variety of editorial roles at B2B news service SmartBrief. Mazmanian has contributed reviews and articles to the Washington Post, the Washington City Paper, Newsday, New York Press, Architect Magazine and other publications.

Connect with him on Twitter at @thisismaz.

