2023年7月26日 · TSA requires 100% of an owner/ operator’s security measures be assessed every three years. Test at least two Cybersecurity Incident Response Plan (CIRP) objectives and include individuals serving in positions identified in the CIRP in their required annual exercises.

Finally, the revised SD also includes additional Cybersecurity Incident Response Plan (CIRP) exercise requirements. According to the new provisions, owner/operators are now required to

2022年7月21日 · Following the May 2021 ransomware attack on a major pipeline, TSA issued several security directives mandating that critical pipeline owners and operators implement several urgently needed cybersecurity measures.

2023年7月27日 · Oil and natural gas pipeline owners must now: Submit an updated cybersecurity assessment plan to the TSA annually for review and approval. Report the results from prior year assessments every year and include a schedule for assessing and auditing specific cybersecurity measures to ensure they are effective.

2023年8月16日 · According to the updated security directive, the five CIRP objectives identified by TSA for pipeline operators are containment, segregation, secure access to critical systems, integrity of backup data, and isolation of IT from OT systems.

2023年7月27日 · TSA identifies new requirements that the CIRP exercises must include as owners/operators are required to test at least two CIRP objectives (e.g., containment, segregation, security, and integrity of back-up data; and isolation of IT/OT) no less than annually. They must also include employees identified by position as active participants in the ...

2024年11月19日 · Cybersecurity Incident Response Plan (CIRP): Existing Directives: Operators must develop and implement a CIRP to address and mitigate cyber incidents. NPRM: Reinforces the necessity of a CIRP, ensuring preparedness for potential cyber threats. ‍

2024年2月21日 · The directive builds on the TSA’s prior mandate regarding cybersecurity incident response plans (CIRP), now requiring the testing of at least two objectives annually. Objectives include prompt containment, segregation, security and integrity of backed-up data, and established capability and governance for isolating certain systems.

2023年9月11日 · Revised Cybersecurity Incident Response Plan (CIRP) Requirements (Section III.F.1.e): There are new mandates for the CIRP exercises, which include: - Annual testing of at least two CIRP objectives. - The compulsory inclusion of designated employees in …

2024年11月7日 · Establish and implement a TSA-approved CIP that describes the specific cybersecurity measures employed to protect Critical Cyber Systems, as defined by the owner/operator, and the schedule for achieving the security outcomes identified by TSA. Develop and maintain an up-to-date CIRP to reduce the risk of operational disruption, or the risk of ...