قالب وردپرس درنا توس
Home / Insurance / TSA has not fully addressed cybersecurity issues in the pipeline: GAO

TSA has not fully addressed cybersecurity issues in the pipeline: GAO



The Transportation Security Administration has failed to address two key vulnerabilities related to the pipeline's cyber security, an official from the U.S. Department of Liability said in a testimony before a Senate committee on Tuesday. for responding to pipeline security incidents, said Leslie V. Gordon, acting director of Homeland Security and Justice, in a statement to the Senate Committee on Trade, Science and Transport.

The TSA, which is part of the Department of Homeland Security, referred to a written testimony given to the same Senate committee by TSA Administrator David P. Pekoske, which discussed the administration's efforts in this area. risk reduction of infrastructure, such as information on natural hazards and risk to cybersecurity p.

GAO has recommended to the TSA to develop data sources relevant to pipeline threats, vulnerabilities and disruption consequences, but as of June it had not fully taken up this recommendation, the statement said.

Regarding pipeline security incidents, the statement said that the TSA has not revised its 201

0 Pipeline Security and Incident Recovery Protocol Plan to reflect changes in pipeline security threats, including those related to cyber security.

GAO has recommended that the TSA regularly review and update the 2010 plan, and while the TSA has begun taking action on the issue, it had not fully addressed it in June 2021, the statement said.

Mr. Pekoske described TSA's pipeline safety efforts during his testimony. He said that after the colonial pipeline incident, the TSA issued a directive requiring pipeline owners and operators to appoint a cybersecurity coordinator.

The TSA also issued a directive requiring critical pipeline owners and operators to implement specific restrictive measures to protect against ransomware attacking, developing and implementing a cybersecurity plan for preparedness and recovery, and conducting a review of cybersecurity architecture.


Source link