In 2021, the largest pipeline system in the U.S. for refined oil products suffered a ransomware cyberattack that would create lasting impacts in the oil and gas industry, namely how the sector can prevent similar attacks in the future.
One of the main impacts of the attack is the follow-up action and regulation that has been enforced by the U.S. Transportation Safety Administration (TSA). In May 2021, immediately after the attack, the TSA issued a security directive requiring oil and gas pipeline companies to:
- Report cybersecurity incidents and threats to the Cybersecurity and Infrastructure Security Agency (CISA).
- Appoint a cybersecurity coordinator who is available 24 hours a day, seven days a week.
- Review and understand up-to-date cybersecurity practices.
- Identify any gaps or remediation measures related to cybersecurity risks and report the results to the TSA and CISA within 30 days.
While the original directive was intended to quickly reduce and deter any further cyberattacks to oil and gas pipeline companies, the one-size-fits-all approach has required revisions as time has passed. Since the attack, the threat to the industry has evolved, and minimizing risk prompted some important edits to the TSA regulations.
According to the TSA, the new, revised directive offers an innovative and performance-based approach to improving security. These new conditions will be upheld by pipeline owners and operators in conjunction with the initial regulations that were released by the TSA.
In the revised directive, issued July 2022, pipeline owners and operators are required to:
- Create and utilize a TSA-approved Cybersecurity Implementation Plan that lays out the exact measures the owners and operators are putting into place in order to meet the outcomes of the directive.
- Develop a Cybersecurity Incident Response Plan that describes the actions that will be taken by owners and operators in the event of a cybersecurity disruption.
- Establish a Cybersecurity Assessment Program that regularly tests the effectiveness of the owner’s/operator’s security measures and detects and fixes vulnerabilities.
Maintaining resilient security measures, following TSA guidance and creating agile remediation plans remain crucial in protecting valuable assets as the risk for cyberattacks targeting critical infrastructure continues to increase.
In order to manage risk, you need a steady hand to navigate ever-evolving standards and regulatory challenges.