Tech

TSA pipeline cybersecurity under review

The agency revised how it updates voluntary security guidelines for pipeline operators in April to address increased threats of hacking and environmental terrorism.

By Dave Nyczepir

May 6, 2019

an image of the trans-alaskan oil pipeline that carries oil from the northern part of Alaska all the way to valdez. this shot is right near the arctic national wildlife refuge

The Government Accountability Office is currently reviewing the process for updating pipeline security guidelines to better protect the cybersecurity of the critical infrastructure, according to a recent report.

The Transportation Security Administration oversees the physical security and cybersecurity of more than 2.7 million miles of computerized, interstate pipeline systems used to transport oil, natural gas and other hazardous products. These systems “are attractive targets for hackers and terrorists,” according to the GAO report.

In December, GAO found TSA lacked a process to determine when to update voluntary security guidelines for pipeline operators — among nine other weaknesses — prompting the latter to submit new procedures in April.

“A minor pipeline system disruption could result in commodity price increases, while prolonged pipeline disruptions could lead to widespread energy shortages,” said William Russell, acting director of GAO, in his written testimony to the House Energy Subcommittee. “A disruption of any magnitude may affect other domestic critical infrastructure and industries that are dependent on pipeline system commodities.”

The FBI reported a nation-state targeted organizations across multiple critical infrastructure sectors, including the energy sector, in March 2018 seeking information on industrial control systems.

TSA security reviews of pipeline systems have “varied considerably over time,” according to the report, which the agency attributes to a workforce shortage. A strategic workforce plan specifying the required level of cybersecurity expertise members of TSA’s pipeline security branch are expected to have is anticipated in July.

GAO also found TSA hasn’t updated its risk assessment methodology since 2014, and the data sources tied to its risk ranking tool aren’t fully documented or up to date. TSA in April reported taking steps to address those problems.

Corporate security reviews and critical facility security reviews of the 100 most critical pipeline systems remain at the owner’s discretion. By November, TSA plans to begin tracking security review recommendations from the past five years.

TSA pipeline cybersecurity under review

More Like This

SSA database to flag synthetic identity fraud has cost issues, GAO finds

Government websites aren’t created equal. GSA’s 10x program aims to change that

MITRE’s Federal AI Sandbox will focus on critical infrastructure, weather modeling, social services

Top Stories

Data, talent, funding among top barriers for federal agency AI implementation

Announcing the 2024 FedScoop 50

House Republicans probe NIST on facial recognition for federal digital identity verification

White House’s final ‘Trust Regulation’ aims to bolster confidence in federal statistics

CISA official: AI tools ‘need to have a human in the loop’

Login.gov announces availability for facial recognition technology

More Scoops

Federal agencies affected by worldwide IT outage

Most agency AI inventories are ‘not fully comprehensive and accurate,’ GAO reports

Only 3 agencies have hit deadline for cyber event logging standards, GAO finds

Homeland Security adds facial comparison, machine learning uses to AI inventory

Watchdog calls for State Department to assess cybersecurity risks

Taxpayer information is potentially at risk due to IRS oversight weaknesses, watchdog says

Watchdog says USPS doesn’t have a system to identify lessons learned

Latest Podcasts

A look at next week’s hearing on unidentified anomalous phenomena

Login.gov launches facial recognition option; the White House issues final Trust Regulation

HHS is working on a new AI strategic plan; Budget woes for government’s science and technology efforts

Meet the winners of the 2024 FedScoop 50; And, how the DOE sees itself counteracting the AI industry’s ‘profit motive’

Tech

Defense

Cyber

FedScoop TV