After the Colonial pipeline attack, DHS presents new security rules

TSA worked with CISA to provide cybersecurity guidelines to prevent a repetition of major attacks

New rules relaesed by security expertsColonial pipeline attack and other incidents encouraged major changes.

The DHS's Transportation Security Administration (TSA) came out with new mandatory security rules and guidelines. These changes are forcing owners and operators of high importance pipelines to use more advanced cybersecurity protection programs as rising cyber threats become more prominent.

The most recent guidelines are second security directives, and those apply to all TSA-designated critical pipelines that transport hazardous liquids and natural gas[1]. It is believed that the latest security directive would help DHS to ensure that the pipeline sector does everything within its power to safeguard its operations.

US Cybersecurity and Infrastructure Agency (CISA), reportedly, has worked with TSA on the guidelines and informed the pipeline industry of the cybersecurity threat landscape. Technical countermeasures and step-by-step action plans were provided, with the biggest attention paid to ransomware attacks.

Previous attacks show that threats are always looming around

The newly issued directive is the second of TSA's, which was provided for oil pipeline operators in the last two months period. After the Colonial Pipeline ransomware attack back in May, signs that critical cyber vulnerabilities in US oil and gas infrastructure became a target for threat actors were all there.

After issuing a new TSA advisory, CISA shared alarming news on a Chinese spear-phishing and cyber-intrusion campaign that was active between 2011 and 2013. During that time, 23 US gas pipeline operators were targeted, and thirteen of those organizations were compromised, three had near misses, eight of them experienced an unknown depth of intrusion[2].

Similarly, the Colonial Pipeline attack showed true power behind such threats as the hack took down the largest fuel pipeline in the US and led to shortages across the East Coast. This result came from a simple but crucial cybersecurity error as a single compromised password was responsible for such failure[3].

Later on, it was identified that the important password was leaked on the dark web. However, Colonial employee's lackluster following of safety guidelines is at fault too. Apparently, a multi-factor authentication tool wasn't used. Therefore hackers obtained the correct username and used it for their own purposes.

Safety guidelines are imperative when concern for ransomware attacks is growing

Previous attacks showed that US oil and gas pipelines companies are not prepared to deal with modern threats such as ransomware attacks as most of the operators don't have enough knowledge on how these threats could affect the sector. Security programs and tools are lacking too.

In recent years, ransomware attacks became more common. As criminals target an organization’s data with encryption and leave instructions on infected computers for negotiating ransom payments, many worldwide companies fail to react in time and choose the correct safety path[4].

As each business returns to cyber safety guidelines and makes changes, common safety protocols should be followed as well. Privacy settings and functions like safe browsing shouldn't even be questioned. Secure usage of VPN connection is also a must as it's usually the main vulnerability for certain devices[5]. Passwords and a few steps of the authentication procedure should be used, and antivirus programs need to be updated periodically.

About the author
Linas Kiguolis
Linas Kiguolis - Expert in social media

Linas Kiguolis is one of News Editors and also the Social Media Manager of 2spyware project. He is an Applied Computer Science professional whose expertise in cyber security is a valuable addition to the team.

Contact Linas Kiguolis
About the company Esolutions

References
Files
Software
Compare