USA: DHS announces cybersecurity requirements for critical pipeline owners and operators
The U.S. Department of Homeland and Security ('DHS') issued, on 20 July 2020, their second Security Directive that requires owners and operators of Transportation Security Administration ('TSA') designated critical pipelines that transport hazardous liquids and natural gas to implement a number of urgently needed protections against cyber intrusions. In particular, the DHS noted that this Security Directive requires owners and operators of TSA designated critical pipelines to implement specific mitigation measures to protect against ransomware attacks and other known threats to information technology and operational technology systems, develop and implement a cybersecurity contingency and recovery plan, and conduct a cybersecurity architecture design review. In addition, the DHS highlighted that this is the second Security Directive that TSA has issued to the pipeline sector this year, building upon an initial Security Directive that the TSA issued in May 2021 following the ransomware attack on a major petroleum pipeline.
You can read the press release here.