TSA takes steps to secure key infrastructure facilities in order to prevent and counteract cyberattacks

Jul 21, 2021 17:23 GMT

The US Transportation Security Administration (TSA) issued a regulation on Tuesday requiring oil pipeline owners to implement security measures protecting their business and operational technology (OT) networks against ransomware and other cyber threats, according to Dark Reading.

The TSA directive is the second issued to oil pipeline operators in the last two months, signaling growing concern about serious cyber vulnerabilities in U.S. oil and gas infrastructure following the crippling ransomware attack on Colonial Pipeline in May. It also appears to be related to growing concern about threats to critical U.S. infrastructure from Chinese government cyber threat groups.

Just last week, China's Ministry of State Security (MSS) was openly accused of using criminal hackers to conduct cyber espionage campaigns and destructive attacks against U.S. trade, government, and critical infrastructure targets.

In addition, a Chinese spear-phishing and cyber intrusion campaign between 2011 and 2013 targeting 23 U.S. gas pipeline companies was disclosed yesterday by the U.S. Cybersecurity and Infrastructure Security Agency (CISA). The advisory provides technical information and indicators on the tactics, techniques, and procedures (TTPs) used by the Chinese threat actors in this campaign, as well as mitigation measures.

To avoid and resist cyberattacks, critical pipeline operators must adhere to rigorous regulations

These companies are now required to develop specific steps to mitigate ransomware attacks and other known risks to their OT and IoT networks. More precisely, they need to establish a cyberattack contingency and recovery strategy and conduct a security assessment. TSA mandated that all pipeline operators report every cyber incident, strengthen their response capabilities, conduct a threat assessment, and create a cybersecurity plan.

DHS stated that CISA's input on cyber threats to the pipeline industry, and on the technical means to address them, is the basis for the recent regulations. CISA, meanwhile, described its advisory as a reminder of the TTPs used by Chinese threat actors during their 2011-2013 campaign to break into oil pipeline companies.

According to CISA, in 2011-2013, Chinese government-backed attackers conducted intrusions with the specific goal of gaining and retaining access to the business and OT networks of pipeline operators and owners. The goal was neither intellectual property theft nor financial gain. Rather, the motive was to maintain a foothold on those networks for future cyberattacks.