Recently, the Transportation Security Administration (TSA) renewed and revised its cybersecurity regulations for pipeline owners and operators. The original TSA security directive was established in 2021 following the unprecedented ransomware attack on Colonial Pipeline, which sparked wide-ranging government efforts to protect critical infrastructure. The TSA has since updated the directive “due to the ongoing cybersecurity threat to pipeline systems”. The document also states, “This Security Directive requires actions necessary to protect the national security, economy, and public health and safety of the United States and its citizens from the impact of malicious cyber intrusions affecting the nation's most critical gas and liquid pipelines”.
Unfortunately, the “ongoing cybersecurity threat” noted by the TSA affects not only pipelines but also organizations across all critical infrastructure sectors. This is largely because malicious actors increasingly recognize that such organizations have an exceedingly low tolerance for downtime, are truly essential to society, and tend to be uniquely predisposed to cybersecurity weaknesses. Thankfully, the TSA is taking action to strengthen cybersecurity resilience and prevent operational disruption and infrastructure degradation for pipeline owners and operators. As malicious actors grow in sophistication and the threat landscape continues to evolve, the TSA has established updated cybersecurity measures that Owner/Operators must follow. The measures, both those previously established and those newly added, are listed below:
Identify the Owner/Operator’s critical cyber systems
Implement network segmentation policies and controls
Implement access control measures
Implement continuous monitoring and detection policies and procedures
Reduce exploitation of unpatched systems
Develop and maintain a cybersecurity incident response plan
Develop a cybersecurity assessment plan for proactively assessing and auditing cybersecurity measures
The updated TSA requirements are another step in the right direction when it comes to protecting some of the nation’s most critical infrastructure. The challenge for many pipeline owners and operators, however, is where to begin in the implementation process. Having long partnered with the public sector, Claroty has helped customers in all critical infrastructure sectors comply with industry regulations and standards. In order to meet TSA cybersecurity requirements, we have outlined the following three steps to get organizations started on their road to compliance:
Gain Comprehensive Visibility:
In order to comply with the TSA cybersecurity requirements, pipeline owners and operators must first gain complete visibility into all connected assets that underpin their critical operations. By establishing an asset inventory spanning their entire extended internet of things (XIoT), organizations can gain a single source of truth as the foundation for protecting their operations, while adhering to this TSA directive along with other cybersecurity requirements. Once established, organizations can utilize their asset inventory to determine how assets are communicating with one another on the network. This baseline of communication will allow for the proper network segmentation policies to be enforced, allowing organizations to easily fulfill this portion of the TSA requirements.
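The asset-inventory-to-baseline-to-segmentation workflow described above, as an added example that is not Claroty's code: a constructed inventory and a handful of constructed flow records are turned into an allowlist of observed zone-to-zone services, and later flows are checked against that baseline so unknown assets or unobserved cross-zone traffic raise an alert (the asset names, zones and services are assumptions for illustration).

```python
from collections import defaultdict

# Constructed asset inventory: asset name -> network zone (hypothetical values).
INVENTORY = {
    "hmi-01": "control", "scada-srv": "control", "eng-ws-03": "control",
    "historian-01": "dmz",
    "plc-compressor-1": "field", "plc-compressor-2": "field",
}

# Constructed baseline flows observed during discovery: (src, dst, "proto/port").
BASELINE_FLOWS = [
    ("hmi-01", "plc-compressor-1", "modbus/502"),
    ("hmi-01", "plc-compressor-2", "modbus/502"),
    ("historian-01", "hmi-01", "opcua/4840"),
    ("historian-01", "scada-srv", "opcua/4840"),
    ("eng-ws-03", "plc-compressor-1", "s7comm/102"),
]

# Constructed flows seen later, once monitoring is in place.
NEW_FLOWS = [
    ("hmi-01", "plc-compressor-2", "modbus/502"),        # within baseline
    ("historian-01", "plc-compressor-1", "modbus/502"),  # dmz -> field never observed
    ("laptop-unknown", "plc-compressor-2", "modbus/502"),  # asset not in inventory
]

def build_baseline(inventory, flows):
    """Map each observed (src_zone, dst_zone) pair to the set of services seen on it."""
    baseline = defaultdict(set)
    for src, dst, svc in flows:
        baseline[(inventory[src], inventory[dst])].add(svc)
    return baseline

def segmentation_policy(baseline):
    """Allowlist rules: permit only observed zone-to-zone services, deny everything else."""
    rules = [f"permit {sz} -> {dz} {svc}"
             for (sz, dz), svcs in sorted(baseline.items()) for svc in sorted(svcs)]
    rules.append("deny any -> any")
    return rules

def check_flows(flows, inventory, baseline):
    """Continuous-monitoring check: alert on unknown assets or services outside the baseline."""
    alerts = []
    for src, dst, svc in flows:
        if src not in inventory or dst not in inventory:
            alerts.append(f"unknown asset in flow {src} -> {dst} {svc}")
            continue
        zone_pair = (inventory[src], inventory[dst])
        if svc not in baseline.get(zone_pair, set()):
            alerts.append(f"unexpected {svc} from {zone_pair[0]} to {zone_pair[1]} ({src} -> {dst})")
    return alerts
```

The deny-all rule at the end of the policy is what turns the observed baseline into an enforced segmentation boundary; the monitoring check then surfaces exactly the flows that boundary would block.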
Establish Frictionless Remote Access:
Highly controlled yet frictionless remote access to critical systems is essential to operational continuity in the transportation sector. With a solution like Claroty xDome Secure Access, organizations can meet the TSA cybersecurity requirements for access control for onsite and remote users alike, whether internal or third-party. Pipelines have a complex attack surface due to the combination of proprietary protocols used by XIoT assets and the escalation of cyber threats in recent years, making continuous monitoring and detection policies and procedures difficult to achieve. At Claroty, we have deep visibility and domain expertise that enables us to continuously monitor even the most obscure environments, alert organizations to real threats, and fulfill TSA’s cybersecurity requirements.
Reduce Unpatched Vulnerabilities:
Legacy systems and unpatched vulnerabilities are unfortunately the status quo in the transportation industry. Thankfully, Claroty understands the complex and consequential nature of these environments and has developed enterprise-wide visibility and domain expertise that defends our customers' environments against insecure protocols, common vulnerabilities and exposures (CVEs), and other security weaknesses. We also offer fully customizable risk scoring to help organizations understand the risk of each vulnerability and how to prioritize their remediation efforts. These capabilities and guidance allow pipeline organizations to both comply with TSA requirements and to drive cyber resilience across their critical operations and infrastructure.
As the XIoT becomes increasingly interconnected, we’ve seen attacks on critical infrastructure, like the Colonial Pipeline incident, cause unprecedented disruption. To protect your organization from the ever-evolving threat landscape, it is important to understand the requirements of TSA’s security directive and how to get started, no matter where you are on your cybersecurity journey. With the updated TSA security directive, and the help of a cyber-physical systems (CPS) security vendor like Claroty, organizations can protect the systems that underpin their most critical operations and infrastructure and ensure cyber and operational resilience.