Hello, Guest!

Cybersecurity

Sonya Proctor: TSA Creating New Security Directive for Pipeline Cybersecurity Mitigation Measures

Pipeline cyber directive

Sonya Proctor: TSA Creating New Security Directive for Pipeline Cybersecurity Mitigation Measures

The Transportation Security Administration is developing a second security directive focusing on requirements for pipeline cybersecurity mitigation measures.

Sonya Proctor, the TSA’s assistant administrator for surface operations, testified before two subcommittees of the House Homeland Security Committee on Tuesday.

Proctor noted that the new directive will be a security-sensitive information document and will prescribe mitigation measures.

During the hearing to tackle the effects of the ransomware attack against Colonial Pipeline, Proctor said that the TSA has assigned a group of inspectors to enforce the requirements for cybersecurity mitigation measures, FCW reported.

Proctor’s remarks on the upcoming directive were in response to a question from Rep. Bonnie Coleman regarding how the agency will verify information that companies report to the federal government and the consequences if the contractors misrepresent themselves.

Colonial Pipeline was targeted on May 7.

Weeks after the attack, the TSA issued a security directive for pipeline owners and operators to report confirmed and potential cybersecurity incidents to the Cybersecurity and Infrastructure Security Agency.

The directive also requires pipeline owners to designate cybersecurity coordinators and conduct self-assessments on compliance with standards.

Previously, lawmakers criticized Colonial Pipeline’s lack of cooperation with the TSA to conduct voluntary security assessments. 

At the June 15 hearing, Proctor said that delays in the assessments were due to companies citing health concerns related to the pandemic. She added that Colonial also had to postpone the assessment as the company worked on software updates.

The TSA assistant administrator shared that the agency had spoken with Colonial in March, asking for six weeks to complete cyber updates.

Those six weeks follow the week after the cyberattack, Proctor said.

Potomac Officers Club Logo
Become a Potomac Officer Club Insider
Sign up for our weekly email & get exclusive event, and speaker updates, and find networking opportunities to connect with GovCon decision makers.

Category: Cybersecurity