The current landscape of cyber security and recent intrusion events have brought to light the need for cyber security cultures to be engrained in crucial infrastructure industries. For several years now, the Department of Homeland Security has suggested that crucial infrastructure undergo a cyber security assessment and submit the results to CISA in an effort to help mitigate any potential intrusion in the United States. The Colonial Pipeline cyber-attack among other small ones around the country have brought new fervor to the push to get energy sector companies on the road to a cyber secure posture.
On May 27th, a new directive was issued. Compliance is required. It states that owners/operators of hazardous liquid and natural gas pipelines and related facilities must undergo a cyber security assessment. This assessment must be submitted to CISA by June 27th, 2021 using the approved forms provided by TSA.
The TSA Security Directive requires critical pipeline owners and operators to:
Critical infrastructure describes the physical and cyber systems and assets that are so vital to the United States that their incapacity or destruction would have a debilitating impact on our physical or economic security or public health or safety. Learn more about what CSIA considers critical infrastructure in Section 5 of the Pipeline Security Guidelines located here.
TSA will notify your company of any infrastructure that is considered critical.
We will provide a comprehensive cybersecurity assessment and submit all paperwork required by TSA. Our assessment, gap analysis and remediation recommendations are what your company needs in the next few weeks to ensure compliance. Under 7.4 of the 2018 Pipeline Security Guidelines, we will adhere to API 1164, NIST 800-82, and ISA/IEC 62443 in our assessment.
Post assessment, TIGA can also provide Remediation efforts to manage the outcome of the assessment as well as consulting on the life cycle of Cyber Security Management.
If you have questions about the new directive or need an assessment, please contact our team.