https://fcw.com/articles/2019/06/05/tsa-pipeline-security.aspx
By Derek B. Johnson
FCW.com
June 05, 2019
The Transportation Security Administration's plans for pipeline security
aren't keeping up with rising threats in cyberspace, according to the
Government Accountability Office.
An audit released June 5 found that the agency, which has primary
responsibility for monitoring and securing the nation's 2.7 million miles
of gas and oil pipelines, hasn't updated two plans that formally outline
how agencies and other stakeholders should respond to security incidents
in years.
TSA last issued its Pipeline Security and Incident Recovery Protocol Plan,
which outlines roles and responsibilities for federal agencies and the
private sector in the wake of a pipeline security incident, in 2010.
Auditors said the plan hasn't been revised since then to account for the
rising importance of cybersecurity threats to critical infrastructure. A
similar agreement between TSA and the Department of Transportation's
Pipeline and Hazardous Materials Safety Administration (PHMSA) outlining
specific roles and responsibilities for pipeline security hasn't been
updated since 2006.
The recovery protocol plan "does not identify the cybersecurity roles and
responsibilities of federal agencies that are identified in the plan, such
as [Department of Energy], Federal Energy Regulatory Commission (FERC), or
the FBI, or discuss the measures these agencies should take to prevent,
respond to, or support pipeline operators following a cyber incident
involving pipelines," the report stated.
[...]
--
Subscribe to InfoSec News
https://www.infosecnews.org/subscribe-to-infosec-news/
https://twitter.com/infosecnews_
