Senate Republicans seek IG probe of TSA pipeline directives


Three Republican senators including two leaders of the Homeland Security and Governmental Affairs Committee are calling for a review into how the Transportation Security Administration (TSA) developed and issued emergency security directives following the Colonial Pipeline ransomware attack earlier this year.

The emergency security directives, which were developed in consultation with the Cybersecurity and Infrastructure Security Agency (CISA), were drafted in a manner that appeared to "depart from TSA's historically collaborative relationship with industry experts," according to a letter the committee sent to the Department of Homeland Security Office of Inspector General last week.

Lawmakers pointed to concerns about an apparent cloak of secrecy surrounding the new directives. The letter said TSA and the Department of Homeland Security Office of Legislative Affairs (DHS OLA) refused to share copies of the directives with oversight committees, despite having shared them with officials from the pipeline industry.

Additionally, TSA and CISA "failed to give adequate consideration to feedback" for the directives, the letter read, instead issuing the agency's first ever pipeline-specific security directive with little input from subject matter experts and industry stakeholders.

The letter is signed by committee ranking member Sen. Rob Portman (R-Ohio) and Sen. James Lankford (R-Okla.), who is ranking member of a subcommittee with jurisdiction over government operations. Sen. Mike Rounds (R-S.D.), the third signatory to the letter, is ranking member on an Armed Services subcommittee focusing on cybersecurity.

DHS Secretary Alejandro Mayorkas has already announced additional upcoming security directives aimed at the aviation and rail industries. In their letter to the DHS inspector general, lawmakers said reports indicate "TSA provided very little time for industry feedback" on the upcoming directives, as with those previously issued this summer.

"We agree that critical infrastructure must be protected against cyberattacks, particularly in the wake of the Colonial Pipeline ransomware attack," the lawmakers wrote. "But the process by which TSA has issued these directives raises concerns."

The lawmakers' request to DHS Inspector General Joseph Cuffari follows an August communication from trade groups representing more than 2,700 oil and gas companies to TSA Administrator David Pekoske which said that stakeholders had not been properly consulted on TSA's emergency security directives and warned of potential "operational safety and reliability" impacts.

The committee is asking the inspector general to conduct a review within 120 days to determine the basis for employing the TSA's emergency authorities for each security directive, as well as the basis for withholding draft directives from Congress. Lawmakers also asked the office to review the extent of consultation that took place between TSA, CISA, federal agencies and key stakeholders, and the extent to which drafts were modified based on industry comments and concerns.

About the Author

Chris Riotta is a staff writer at FCW covering government procurement and technology policy. Chris joined FCW after covering U.S. politics for three years at The Independent. He earned his master's degree from the Columbia University Graduate School of Journalism, where he served as 2021 class president.

