Return to list of client alerts
TSA, the folks that try to secure our airports, with differing degrees of success, depending on who you talk to, are also responsible for protecting pipelines.
After the Colonial Pipeline hack, TSA was told to step things up. Up until then, TSA’s reputation was as the pipeline operators’ friend and not really their regulator.
Unfortunately, they were told to just do it and they really don’t have much expertise when it comes to Industrial Internet of Things (IIoT) devices. They also don’t have many people to run the project. In fact they don’t have a lot of expertise when it comes to cyber in general. After all, how much cyber expertise do you need to pat people down for guns at airports?
Oil and gas pipeline operators say the TSA’s cyber regulations are full of unwieldy or baffling requirements that could actually jeopardize pipeline safety and fuel supplies. Others in the energy sector, and cyber experts who help defend these systems, agree with these objections and say the TSA’s small cyber team has been overwhelmed by a flood of industry requests for workarounds.
To summarize this, one cyber security expert said: “In every sense, TSA has screwed this up”.
The problem is that if the pipeline operators do follow what TSA is asking them to do, they will likely have more outages, more downtime and less security.
This will impact everyone as the confusion and dumb requirements will increase costs and guess who gets to pay for that.
Thanks TSA. I feel safer already.
Learn more about the problem here.