The outcry against the previous directive highlights, in part, the very different environmental factors that OT systems face compared to IT systems. For instance, factors like critical downtime and the complexity of legacy systems often complicate the process of patch management. The previous directive said that pipeline operators could request permission to use their own techniques if these security requirements were unattainable. However, according to the Politico report, this quickly led to a backlog, due in part to an unanticipated volume of requests and limited staffing at the TSA.
The new directive comes with wording intended to give operators more flexibility in dealing with these factors. For instance, when it comes to applying multi-factor authentication or other security controls to improve password authentication, “if an owner/operator does not apply multi-factor authentication for access to industrial control workstations in control rooms regulated under 49 CFR parts 192 or 195, the owner/operator shall specify what compensating controls are used to manage access,” specified the new directive.
“In general, it appears that the TSA listened to the feedback provided by the industry on the prior security directive, and moved this recent directive towards a more objective set of achievable requirements rather than prescriptive,” said Marty Edwards, vice president of Operational Technology Security at Tenable. “However, it still appears that there are a number of fairly prescriptive requirements that pipeline operators will be required to comply with. This is an incredibly difficult balance to try to get right, and from my perspective, the TSA has done a reasonable job with this new set of security measures.”
In the fourteen months since the Colonial Pipeline attack, the pipeline sector has faced an “evolved and intensified” security threat, reinforcing the need for improved security measures, said the TSA. Edwards said the “bottom line” is that investment needs to continue in OT cybersecurity, both in the pipeline sector and across all critical infrastructure sectors.
“While the threat landscape is still very diverse, I still believe that the most significant risk that pipeline operators face is the threat of criminal ransomware operators impacting their production,” said Edwards. “Ensuring a baseline standard of care and implementing basic cybersecurity protections goes a long way to prevent these types of attacks from succeeding.”