Critical Infrastructure Protection: TSA is Taking Steps to Address Some Pipeline Security Program Weaknesses, Statement of Leslie V. Gordon, Acting Director, Homeland Security and Justice, Statement Before the Committee on Commerce, Science, and Transportation, U.S. Senate [open pdf - 1MB]
From the Government Accountability Office (GAO) Highlights: "The nation's pipelines are vulnerable to cyber-based attacks due to increased reliance on computerized systems. In May 2021 malicious cyber actors deployed ransomware against Colonial Pipeline's business systems. The company subsequently disconnected certain systems that monitor and control physical pipeline functions so that they would not be compromised. This statement discusses TSA's [Transportation Security Administration] actions to address previous GAO findings related to weaknesses in its pipeline security program and TSA's guidance to pipeline owner/operators. It is based on prior GAO products issued in December 2018, June 2019, and March 2021, along with updates on actions TSA has taken to address GAO's recommendations as of June 2021. To conduct the prior work, GAO analyzed TSA documents; interviewed TSA officials, industry association representatives, and a sample of pipeline operators selected based on type of commodity transported and other factors; and observed TSA security reviews. GAO also reviewed TSA's May and July 2021 Pipeline Security Directives, TSA's Pipeline Security Guidelines, and three federal security alerts issued in July 2020, May 2021, and June 2021."
Government Accountability Office: http://www.gao.gov/