Ratification of Security Directive
| Citation | 86 FR 38209 |
| Record Number | 2021-15306 |
| Published date | 20 July 2021 |
| Section | Rules and Regulations |
| Court | Homeland Security Department |
Federal Register, Volume 86 Issue 136 (Tuesday, July 20, 2021)
[Federal Register Volume 86, Number 136 (Tuesday, July 20, 2021)]
[Rules and Regulations]
[Page 38209]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2021-15306]
========================================================================
Rules and Regulations
Federal Register
________________________________________________________________________
This section of the FEDERAL REGISTER contains regulatory documents
having general applicability and legal effect, most of which are keyed
to and codified in the Code of Federal Regulations, which is published
under 50 titles pursuant to 44 U.S.C. 1510.
The Code of Federal Regulations is sold by the Superintendent of Documents.
========================================================================
Federal Register / Vol. 86, No. 136 / Tuesday, July 20, 2021 / Rules
and Regulations
[[Page 38209]]
DEPARTMENT OF HOMELAND SECURITY
6 CFR Chapter I
49 CFR Chapter XII
[DHS Docket No. DHS-2021-0026]
Ratification of Security Directive
AGENCY: Office of Strategy, Policy, and Plans, Department of Homeland
Security (DHS).
ACTION: Notification of ratification of directive.
-----------------------------------------------------------------------
SUMMARY: DHS is publishing official notice that the Transportation
Security Oversight Board (TSOB) has ratified Transportation Security
Administration (TSA) Security Directive Pipeline-2021-01, which is
applicable to certain owners and operators (Owner/Operators) of
critical pipeline systems and facilities and requires actions to
enhance pipeline cybersecurity.
DATES: The ratification was executed on July 3, 2021, and took effect
on that date.
FOR FURTHER INFORMATION CONTACT: John D. Cohen, DHS Coordinator for
Counterterrorism and Assistant Secretary for Counterterrorism and
Threat Prevention, DHS Office of Strategy, Policy, and Plans, (202)
282-9708, [email protected].
SUPPLEMENTARY INFORMATION:
I. Background
A. Ransomware Attack on the Colonial Pipeline Company
On May 8, 2021, the Colonial Pipeline Company announced that it had
halted its pipeline operations due to a ransomware attack. This attack
temporarily disrupted critical supplies of gasoline and other refined
petroleum products throughout the East Coast of the United States.
Cybersecurity incidents affecting surface transportation systems,
including pipelines, are a growing threat. The cyber-attack on Colonial
Pipeline and resulting disruption of gasoline supplies to the East
Coast demonstrate how criminal cyber actors are able to disrupt
pipeline systems and networks in ways that threaten our national and
economic security.
B. TSA Security Directive Pipeline-2021-01
On May 27, 2021, the Senior Official Performing the Duties of the
TSA Administrator issued Security Directive Pipeline-2021-01 (security
directive) requiring Owner/Operators of critical pipeline systems and
facilities to take crucial measures to enhance pipeline cybersecurity.
TSA issued this security directive in accordance with 49 U.S.C.
114(l)(2)(A), which authorizes TSA to issue emergency regulations or
security directives without providing notice or public comment where
``the Administrator determines that a regulation or security directive
must be issued immediately in order to protect transportation security.
. . .'' TSA took this emergency action in response to the attack on
Colonial Pipeline, which demonstrated the significant threat such
attacks pose to the country's infrastructure and its national and
economic security as a result. The directive became effective on May
28, 2021 and is set to expire on May 28, 2022.
This security directive seeks to immediately enhance the
cybersecurity of critical pipeline systems and facilities by requiring
covered Owner/Operators to take three crucial actions to enhance
pipeline cybersecurity. First, it requires TSA-specified Owner/
Operators of critical pipelines to promptly report cybersecurity
incidents to the Cybersecurity and Infrastructure Security Agency
(CISA). Second, it requires those Owner/Operators to designate a
Cybersecurity Coordinator who must be available to TSA and CISA at all
times to coordinate cybersecurity practices and address any incidents
that arise. Third, it requires Owner/Operators to review their current
cybersecurity practices against TSA's Pipeline Security Guidelines
related to cybersecurity and to assess cyber risks, identify any gaps,
and develop necessary remediation measures, along with a timeline for
achieving them.
II. TSOB Ratification
TSA has broad statutory responsibility and authority to safeguard
the nation's transportation system, including pipelines.\1\ The TSOB--a
body consisting of the heads of various interested Cabinet agencies, or
their designees, and a representative of the National Security
Council--reviews certain regulations and security directives consistent
with law.\2\ Security directives issued pursuant to the procedures in
49 U.S.C. 114(l)(2) ``shall remain effective for a period not to exceed
90 days unless ratified or disapproved by the Board or rescinded by the
Administrator.'' \3\ The chairman of the TSOB convened the Board for
review of TSA Security Directive Pipeline-2021-01.\4\ Following its
review, on July 3, 2021, the TSOB ratified the security directive.
---------------------------------------------------------------------------
\1\ See, e.g., 49 U.S.C. 114(d), (f), (l), (m).
\2\ See, e.g., 49 U.S.C. 115; 49 U.S.C. 114(l)(2).
\3\ 49 U.S.C. 114(l)(2)(B).
\4\ The Deputy Secretary of Homeland Security serves as chairman
of the TSOB. DHS Delegation No. 7071.1, Delegation to the Deputy
Secretary to Chair the Transportation Security Oversight Board (Apr.
2, 2007). Although the Department of Energy (DOE) does not have a
TSOB member under 49 U.S.C. 115(b), DOE was asked to review TSA
Security Directive Pipeline-2021-01 during the TSOB ratification
process and concurred with the ratification.
John K. Tien,
Deputy Secretary of Homeland Security & Chairman of the Transportation
Security Oversight Board.
[FR Doc. 2021-15306 Filed 7-19-21; 8:45 am]
BILLING CODE 9110-9M-P
