Policy Minute: TSA Cybersecurity Roadmap for Pipelines
On November 7, 2024, the Transportation Security Administration (the “TSA”) published a Notice of Proposed Rulemaking (the “Proposed Rule”) that would mandate cyber risk management (“CRM”) and reporting requirements for...more
Last year we made some predictions about 2024’s cyber landscape and major issues. Several proved prescient, with incident reporting, CISO scrutiny, SEC aggression, and new regulation of various sectors taking shape as the...more
Part of the Biden Administration’s push to enhance U.S. cybersecurity capabilities has focused on imposing new requirements on government contractors. The 2023 National Cybersecurity Strategy suggested, for example, that...more
U.S. supply chain security is increasingly under threat. The White House’s National Security Strategy describes this moment as an inflection point. Many federal agencies have taken charge in elevating the very concept of...more
Transportation services providers are increasingly facing new technology-oriented threats in day-to-day business. Recent cyberattacks and the potential for serious disruption from threat actors have drawn the attention of the...more
Regulatory interest in securing the nation’s energy infrastructure continued in 2023. On July 26, 2023, the Transportation Security Administration (TSA) announced significant updates to its security directive aimed at...more
As we enter the New Year, Wiley has looked back at the top cyber issues for 2023 and what they mean for 2024. Last year, we saw the rollout of the National Cybersecurity Strategy—which outlined a new era of cyber oversight—as...more
Cybersecurity vulnerability is emerging as a top-of-mind issue for transportation and logistics service providers, regulators, and criminals alike. Recent years have yielded headline-worthy ransomware attacks on domestic...more
On July 26, 2023, the Transportation Security Administration (TSA) issued a revised Security Directive governing the cybersecurity practices of owners and operators of critical liquid and natural gas pipelines and liquified...more
Cybersecurity continues to be top of mind for federal and state policymakers. This advisory identifies and analyzes some major recent developments that present opportunities and challenges in the coming months for a broad...more
The Department of Homeland Security’s Transportation Security Administration (“TSA”) has issued an amended directive on pipeline security, SD-Pipeline-2021-02D (the “Directive”). The Directive is based on and supersedes the...more
The Biden Administration recently reaffirmed its continued focus on cybersecurity by announcing an Implementation Plan for the National Cybersecurity Strategy (the Plan). The Plan provides a roadmap covering the policies and...more
Following the release of President Biden’s National Cybersecurity Strategy, Acting National Cyber Director Kemba Walden explained that the Biden Administration is “expecting more” from owners and operators in critical...more
After a rash of significant cybersecurity breaches and ransomware attacks affecting a wide set of industries, ranging from pipelines to technology companies, the Biden administration released its much-anticipated National...more
“Continued disruptions of critical infrastructure and thefts of personal data make clear that market forces alone have not been enough to drive broad adoption of best practices in cybersecurity and resilience.” National...more
Background Critical infrastructure providers confront unique cyber threats. The use of operational technology (OT) introduces risks that arise from, for example, legacy equipment that cannot readily be patched, updated, or...more
Operational technology (OT) is hardware and software that detects or causes a change, through the direct monitoring and/or control of industrial equipment, assets, processes and events. By design, OT underpins many critical...more
The Transportation Security Administration (TSA) published an Advance Notice of Proposed Rulemaking (ANPRM) on November 30, 2022, seeking stakeholder comment on ways to strengthen cybersecurity and resiliency for pipeline and...more
On October 18, 2022, the Transportation Security Administration (“TSA”) issued its Security Directive 1580/82-2022-01 on Rail Cybersecurity Mitigation Actions and Testing (the “Railroad Directive”), regulating designated...more
It has been over a year since the Colonial Pipeline cybersecurity incident, and the Department of Homeland Security’s Transportation Security Administration (“TSA”) continues to issue cybersecurity directives to owners and...more
Following significant collaboration with the industry, the Transportation Security Administration (TSA) issued a revised directive, effective July 27, 2022, which updates one of the prior directives issued in the wake of a...more
Cybersecurity has emerged as a tangible risk for transportation service providers over the course of the last year. Ransomware attacks on domestic industry and critical infrastructure, and tensions associated with the Russian...more
Late 2021 and early 2022 have been full of federal government activity related to cybersecurity incident reporting. Congress passed the Cyber Incident Reporting for Critical Infrastructure Act of 2022 to require mandatory...more
This December, the Transportation Security Administration (TSA) issued a pair of Directives establishing cybersecurity measures for high-risk freight rail, passenger rail, and rail transit owners and operators. These...more
Cybersecurity threats to critical infrastructure systems are nothing new. But events over the last few years have been notable due to the seemingly increased frequency of successful attacks and the way those attacks have been...more