As cybersecurity directives expire for covered infrastructures, the Transportation Security Administration (TSA) plans to reissue recent directives with the added requirement that affected entities perform tabletop exercises to check their cyber incident response plans, David Pekoske, the agency’s chief, said last week.
The exercises will go beyond just a selected company to include other stakeholders, he said last Thursday as part of a cybersecurity panel hosted by the Center for Strategic and International Studies.
TSA already did a tabletop exercise at a cyber range in Boston with an organization and “we found the education from that to be incredible,” Pekoske said. “It was necessary to grasp the way you’re going to receive information on when a cyber-attack occurred. It will not be through traditional means that you’ll normally expect to see it. Secondly, how do you pivot from responding to the cyber incident to responding to what might be a crisis in lots of cases depending on the extent of the intrusion and the extent of impact on the general public from a safety and security, and from an availability of services perspective?”
Along with the TSA, the Cybersecurity and Infrastructure Security Agency and the FBI also participated in the recent tabletop exercise. That was “reassuring” to the company because it showed “that there’s some increased level of coordination,” he said.
In May 2021, a ransomware attack hit the information technology (IT) network of pipeline operator Colonial Pipeline, which shut down its operating systems to make sure the attack didn’t compromise its operational technology (OT). The shutdown led to shortages of gasoline in some areas of the East Coast.
Immediately following the incident, TSA leaned on existing authorities to start requiring pipeline operators to report certain cybersecurity incidents. Then, in July, the agency expanded its requirements, directing some firms within the pipeline sector to take specific mitigation measures to guard against ransomware and other known threats to their IT and OT systems, develop a cybersecurity contingency and recovery plan, and conduct a cybersecurity architecture design review.
A year later, TSA and its industry stakeholders reworked the regulations to be performance-based, outlining 4 key outcomes, including network segmentation, plans for access control of critical cyber systems, continuous monitoring and detection for cyber intrusions, and a prioritized plan for patching and upgrading systems that is part of a cybersecurity implementation plan.