Ongoing cybersecurity threats against U.S. pipeline systems have prompted the Transportation and Security Administration to renew cybersecurity guidelines for pipeline operators, reports The Record, a news site by cybersecurity firm Recorded Future.
Aside from submitting an Updated Cybersecurity Assessment Plan annually, pipeline operators have been required to report cybersecurity assessment results of the previous year while offering a yearly cyber measure audit schedule. Operators should also evaluate two or more Cybersecurity Incident Response Plan objectives annually while reporting incidents to the Cybersecurity and Infrastructure Security Agency, designating a contact person for cybersecurity matters, and performing cybersecurity vulnerability evaluations.
Minor updates regarding notifications of plan or pipeline operation changes to the TSA have also been included in the renewed regulations.
"Overall it's great to see updates being made by TSA to clarify the requirements and in some cases, remove any loopholes as a result of practical application of these Security Directives in the field. I would expect more revisions as assessments and technical evaluation of control effectiveness are conducted in the years to come," said XONA Systems Field Chief Technology Officer Ron Fabela.