TSA to Issue Cybersecurity Rules for Pipeline Companies

New data-wiping Iranian threat actor hides under ransomware, New threat actor targets flaws in Bluetooth Core and Mesh Profile Specs, Operator of Deer.io sentenced to 30 months, more

Don’t miss out on upcoming content available to only premium subscribers. Plus, gain access to our archives by signing up for a premium subscription now. Thank you!

In the aftermath of the highly disruptive ransomware attack on Colonial Pipeline, the Transportation Safety Administration (TSA), a unit inside the Department of Homeland Security, will issue a security directive this week requiring pipeline companies to report cybersecurity incidents to federal authorities, according to DHS officials.

The directive will require pipeline companies to report cyber incidents to TSA and CISA and to have a security official, such as a chief information security officer, with a 24/7 direct line to TSA and CISA to report an attack. It will also require companies to assess the security of their systems against existing cyber guidelines, although fixing any gaps is voluntary.

In addition, TSA will issue more robust rules over the coming weeks that will require companies to correct any problems and ad…