Watchdog: Current pipeline security plans weak on cybersecurity, coordination

[InfoSec News <alerts () infosecnews org>]

https://fcw.com/articles/2019/06/05/tsa-pipeline-security.aspx

By Derek B. Johnson
FCW.com
June 05, 2019

The Transportation Security Administration's plans for pipeline security 
aren't keeping up with rising threats in cyberspace, according to the 
Government Accountability Office.

An audit released June 5 found that the agency, which has primary 
responsibility for monitoring and securing the nation's 2.7 million miles 
of gas and oil pipelines, hasn't updated two plans that formally outline 
how agencies and other stakeholders should respond to security incidents 
in years.

TSA last issued its Pipeline Security and Incident Recovery Protocol Plan, 
which outlines roles and responsibilities for federal agencies and the 
private sector in the wake of a pipeline security incident, in 2010. 
Auditors said the plan hasn't been revised since then to account for the 
rising importance of cybersecurity threats to critical infrastructure. A 
similar agreement between TSA and the Department of Transportation's 
Pipeline and Hazardous Materials Safety Administration (PHMSA) outlining 
specific roles and responsibilities for pipeline security hasn't been 
updated since 2006.

The recovery protocol plan "does not identify the cybersecurity roles and 
responsibilities of federal agencies that are identified in the plan, such 
as [Department of Energy], Federal Energy Regulatory Commission (FERC), or 
the FBI, or discuss the measures these agencies should take to prevent, 
respond to, or support pipeline operators following a cyber incident 
involving pipelines," the report stated.

[...]



--
Subscribe to InfoSec News
https://www.infosecnews.org/subscribe-to-infosec-news/
https://twitter.com/infosecnews_