The TSA has released an updated version of its cybersecurity requirements for pipeline owners and operators. The revised TSA pipeline security directive aims to further enhance security and resilience, following the first security directive issued in July of last year.
The original TSA pipeline security directive followed in the wake of the Colonial Pipeline attack, which we discussed along with methods for staying secure in this environment of heightened attacks on critical infrastructure. In the same period, the Biden administration released an executive order calling for Zero Trust in response to the increased attacks on critical infrastructure. The reissued TSA directive now focuses on performance-based measures for achieving critical cybersecurity outcomes that move you closer to a Zero Trust architecture.
TSA summarizes the reissued directive as follows: “The reissued security directive takes an innovative, performance-based approach to enhancing security, allowing industry to leverage new technologies and be more adaptive to changing environments. The security directive requires that TSA-specified owners and operators of pipeline and liquefied natural gas facilities take action to prevent disruption and degradation to their infrastructure.”
What are TSA’s Pipeline Security Directive Requirements for Owners and Operators?
Below we review the four requirements outlined in the TSA pipeline security directive and how ConsoleWorks supports each one for pipeline owners and operators:
- Develop network segmentation policies and controls to ensure that the Operational Technology system can continue to safely operate in the event that an Information Technology system has been compromised and vice versa.
ConsoleWorks monitors system events from the endpoints through the network equipment used to segment your infrastructure, and pulls the configuration from each device to establish a “known-good” baseline. When a change event occurs, authorized or not, ConsoleWorks can be set up to alert the asset owner. For example, it will see when firewall, switch, or other network device settings are changed and deviate from the baseline.
Should a user change these settings, intentionally or not, ConsoleWorks will tell you exactly who changed them and when. By validating your configuration baselines, ConsoleWorks helps maintain the operational reliability of your network segmentation. It also keeps your asset inventory from drifting away from its established baselines and leaving you open to security gaps.
- Create access control measures to secure and prevent unauthorized access to critical cyber systems.
Proper access control measures are a necessary tool for mitigating cyber intrusions. Implementing least-privilege, role-based access control raises an organization’s Zero Trust security maturity. ConsoleWorks inherently limits the capabilities of an intruder who gains access to a user’s account. As your first line of defense, it prevents unrestricted access through user and device profiles with granular security Access Control Rules (ACRs). Its secure remote access ensures that only authorized, privileged users can reach your devices.
ConsoleWorks also lets you control which commands a user can execute by controlling the exact inputs they are allowed to enter. If a user tries to act in a way that is not consistent with their role, ConsoleWorks alerts a supervisor or disconnects the user’s session, so an unintended or malicious command is not executed on the device. It also provides user context awareness: attributes such as location and device are checked every time a user attempts to enter the network.
Finally, with a cybersecurity platform like ConsoleWorks, all user activity is captured for playback and for forensic auditing and analysis.
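To make the command-gating model above concrete, here is an added example in Python; it is not ConsoleWorks code and does not reproduce its ACR syntax. The roles, per-role command patterns, network ranges and session attributes are all assumptions made for the illustration. Commands are matched against a deny-by-default allow-list, a hard-deny list ends the session regardless of role, session attributes (source network, managed device) are checked before any command is accepted, and every decision is appended to an audit trail.

```python
"""Least-privilege command gating for a remote OT session.

Added example, not ConsoleWorks code. Role names, command patterns,
network ranges and the sessions below are constructed assumptions.
"""
import re
from dataclasses import dataclass, field
from datetime import datetime, timezone

# Per-role allow-list: a command must fully match one pattern for its role.
# Deny-by-default beats trying to enumerate every dangerous command.
ROLE_RULES = {
    "ot-readonly": [r"show (running-config|interfaces|vlan|ip route)( .*)?"],
    "ot-network-admin": [
        r"show .*",
        r"configure terminal",
        r"interface \S+",
        r"(no )?shutdown",
        r"description .*",
        r"exit|end",
        r"write memory",
    ],
}
# Commands no role may issue through this path; matching one ends the session.
HARD_DENY = [r"write erase.*", r"reload.*", r"copy .* startup-config", r"delete .*"]

# Session attributes required before any command is accepted.
CONTEXT_POLICY = {
    "allowed_networks": ("10.20.0.", "10.21.0."),  # engineering VLANs only
    "managed_device_required": True,               # no unmanaged laptops into the OT enclave
}

@dataclass
class Session:
    user: str
    role: str
    src_ip: str
    managed_device: bool
    audit: list = field(default_factory=list)

def _log(sess, verdict, cmd):
    ts = datetime.now(timezone.utc).isoformat(timespec="seconds")
    sess.audit.append(
        f"{ts} user={sess.user} role={sess.role} src={sess.src_ip} "
        f"verdict={verdict} cmd={cmd!r}")

def context_ok(sess):
    """Attribute checks run at session start (re-running them per command is cheap)."""
    if CONTEXT_POLICY["managed_device_required"] and not sess.managed_device:
        return False
    return sess.src_ip.startswith(CONTEXT_POLICY["allowed_networks"])

def vet_command(sess, cmd):
    """Return 'allow', 'deny' or 'terminate' for one command line."""
    cmd = " ".join(cmd.strip().split())  # normalise whitespace before matching
    if any(re.fullmatch(p, cmd) for p in HARD_DENY):
        _log(sess, "terminate", cmd)     # disconnect and page a supervisor
        return "terminate"
    if any(re.fullmatch(p, cmd) for p in ROLE_RULES.get(sess.role, [])):
        _log(sess, "allow", cmd)
        return "allow"
    _log(sess, "deny", cmd)              # swallowed, never reaches the device
    return "deny"

def run_session(sess, commands):
    """Vet a command stream in order; stop at the first terminating command."""
    if not context_ok(sess):
        _log(sess, "refused-context", "<session>")
        return ["refused-context"]
    verdicts = []
    for c in commands:
        v = vet_command(sess, c)
        verdicts.append(v)
        if v == "terminate":
            break
    return verdicts

if __name__ == "__main__":
    s = Session("bob", "ot-network-admin", "10.20.0.7", managed_device=True)
    print(run_session(s, ["configure terminal", "interface Gi1/0/5", "write erase"]))
    print(*s.audit, sep="\n")
```

The design choice worth copying is the order of checks: context first, then the hard-deny list, then the role's allow-list, with everything else denied. A deny is silent to the device but loud in the audit trail, which is what a forensic replay needs.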
- Build continuous monitoring and detection policies and procedures to detect cybersecurity threats and correct anomalies that affect critical cyber system operations.
ConsoleWorks collects and logs data from your network equipment and your endpoints for correlation and normalization, allowing thresholds and alerts to be set up so that you are notified when activity in your operations deviates from normal.
These two components, user activity and endpoint data, give you the full picture rather than half of it. A fundamental challenge with other log aggregation systems and network security auditing software is that, during log analysis, they rely on the timestamp reported by the asset itself. When assets’ clocks disagree, a single event appears under several different timestamps, which makes it hard to correlate activity and efficiently determine the root cause.
With ConsoleWorks’ complete situational awareness you get a single pane of glass to understand what is happening, where, and by whom, minimizing the mean time to respond to a critical event.
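The timestamp problem is easy to see with a small example. The Python below is added here and is not ConsoleWorks code; it assumes a collector that records its own UTC receipt time beside each raw line, and the three assets, their clock errors and the log lines are constructed. It parses each asset's own timestamp, orders the events both ways, and derives each asset's apparent clock skew, which is itself worth alerting on.

```python
"""Correlating multi-asset logs by collector receipt time.

Added example, not ConsoleWorks code. It assumes the collector stamps every
line with its own UTC receipt time ("received_at") next to the raw text the
asset sent. The assets, their clock errors and the log lines are constructed.
"""
import re
from datetime import datetime, timedelta, timezone

UTC = timezone.utc
MONTHS = {m: i for i, m in enumerate(
    "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split(), start=1)}

# Constructed records: (collector receipt time UTC, asset name, raw line).
# True order of events: HMI login -> switch reconfigured -> firewall drop.
# fw-ot-01 runs an hour slow, sw-core-01 drifts 35 s, hmi-03 logs local time.
RAW_EVENTS = [
    ("2024-03-05T14:02:10Z", "fw-ot-01",
     "Mar  5 13:02:09 fw-ot-01 kernel: DROP IN=eth1 SRC=10.20.0.7 DST=10.30.0.12 DPT=502"),
    ("2024-03-05T14:02:05Z", "sw-core-01",
     "Mar  5 14:01:30 sw-core-01 %SYS-5-CONFIG_I: Configured from console by bob on vty0"),
    ("2024-03-05T14:01:58Z", "hmi-03",
     "2024-03-05 09:01:58 hmi-03 session opened for user bob from 10.20.0.7"),
]

BSD_TS = re.compile(r"^(\w{3})\s+(\d{1,2}) (\d\d):(\d\d):(\d\d) ")
ISO_TS = re.compile(r"^(\d{4})-(\d\d)-(\d\d) (\d\d):(\d\d):(\d\d) ")

def parse_asset_time(raw, year):
    """Read the asset's own timestamp as if it were UTC, whatever the asset meant.
    BSD syslog carries no year, so the collector supplies it."""
    m = BSD_TS.match(raw)
    if m:
        mon, day, hh, mm, ss = m.groups()
        return datetime(year, MONTHS[mon], int(day), int(hh), int(mm), int(ss), tzinfo=UTC)
    m = ISO_TS.match(raw)
    if m:
        return datetime(*map(int, m.groups()), tzinfo=UTC)
    raise ValueError(f"unrecognised timestamp: {raw[:30]!r}")

def normalise(events):
    """Attach both clocks to each event and the asset's apparent skew."""
    out = []
    for recv, asset, raw in events:
        received = datetime.fromisoformat(recv.replace("Z", "+00:00"))
        claimed = parse_asset_time(raw, received.year)
        out.append({"asset": asset, "received": received, "claimed": claimed,
                    "skew": claimed - received, "raw": raw})
    return out

def order_by(events, key):
    """Asset names in the order the chosen clock ('claimed' or 'received') implies."""
    return [e["asset"] for e in sorted(events, key=lambda e: e[key])]

def span_seconds(events, key):
    """Apparent duration of the incident under the chosen clock."""
    times = [e[key] for e in events]
    return (max(times) - min(times)).total_seconds()

def asset_skews(events):
    """Largest |asset clock - collector clock| seen per asset, in whole seconds.
    A large value is a finding in its own right: that asset's logs cannot be
    trusted for sequencing until its time source is fixed."""
    skew = {}
    for e in events:
        skew[e["asset"]] = max(skew.get(e["asset"], timedelta(0)), abs(e["skew"]))
    return {a: int(s.total_seconds()) for a, s in skew.items()}

if __name__ == "__main__":
    ev = normalise(RAW_EVENTS)
    print("by asset clocks:   ", order_by(ev, "claimed"), span_seconds(ev, "claimed"), "s")
    print("by collector clock:", order_by(ev, "received"), span_seconds(ev, "received"), "s")
    print("skews:", asset_skews(ev))
```

Sorted by the assets' own clocks the firewall drop appears to precede the configuration change and the whole incident seems to span five hours; by the collector's clock the events fall in their real order twelve seconds apart. Keeping the asset timestamp alongside the receipt time, rather than discarding it, is what lets you report the skew back to whoever owns the device.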
- Reduce the risk of exploitation of unpatched systems through the application of security patches and updates for operating systems, applications, drivers and firmware on critical cyber systems in a timely manner using a risk-based methodology.
ConsoleWorks uses its Baseline Configuration Management to identify system and software versions. This inventory can be integrated with industry or custom solutions to help automate the identification and closing of patch gaps. After the initial collection, it can re-run the process on a predefined schedule, per policy or compliance requirement.
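The configuration baseline from the segmentation item and the version inventory from this patching item can come out of the same scheduled pull. The Python below is an added example, not ConsoleWorks code; the device configurations, platform names, version strings and minimum-version policy are constructed, and the version comparison ignores IOS train letters (an assumption that only holds when comparing releases within one platform train). It strips volatile lines before hashing so that only real changes register as drift, reports the changed lines, and lists devices below the policy minimum with the most exposed tier first.

```python
"""Configuration baseline: drift detection and version gaps in one pass.

Added example, not ConsoleWorks code. Device names, configuration text,
platform names and the minimum-version policy are constructed.
"""
import difflib
import hashlib
import re

# Lines that legitimately change between pulls and must not count as drift.
VOLATILE = re.compile(r"^(! Last configuration change|! NVRAM config last updated|ntp clock-period)")

def canonical(config):
    """Drop volatile lines, blank lines and trailing whitespace before comparing."""
    return "\n".join(l.rstrip() for l in config.splitlines()
                     if l.strip() and not VOLATILE.match(l))

def fingerprint(config):
    """Stable hash of the canonical config; store this as the known-good baseline."""
    return hashlib.sha256(canonical(config).encode()).hexdigest()

def drift(baseline, current):
    """Lines added (+) or removed (-) relative to the baseline; [] when unchanged."""
    a, b = canonical(baseline).splitlines(), canonical(current).splitlines()
    return [l for l in difflib.unified_diff(a, b, lineterm="", n=0)
            if l[:1] in ("+", "-") and not l.startswith(("+++", "---"))]

def parse_version(v):
    """'15.2(7)E4' -> (15, 2, 7, 4); '9.3.8' -> (9, 3, 8).
    Assumption: letters (train designators) are ignored, so only compare
    versions from the same platform train."""
    return tuple(int(n) for n in re.findall(r"\d+", v))

def version_gaps(inventory, policy):
    """Devices running below the policy minimum, most exposed tier first."""
    gaps = []
    for dev, info in inventory.items():
        minimum = policy[info["platform"]]["minimum"]
        if parse_version(info["version"]) < parse_version(minimum):
            gaps.append((dev, info["version"], minimum, info["tier"]))
    return sorted(gaps, key=lambda g: g[3])  # tier 1 = sits on the IT/OT boundary

# ---- constructed sample data -------------------------------------------------
BASELINE = """\
! Last configuration change at 09:12:03 UTC Mon Jan 8 2024
hostname fw-ot-01
interface Gi0/1
 description IT-uplink
 ip access-group OT-IN in
ip access-list extended OT-IN
 permit tcp 10.20.0.0 0.0.255.255 host 10.30.0.12 eq 502
 deny ip any any log
"""
# Same device later: the ACL was detached from the uplink and opened up.
CURRENT = """\
! Last configuration change at 02:41:55 UTC Sat Mar 2 2024
hostname fw-ot-01
interface Gi0/1
 description IT-uplink
ip access-list extended OT-IN
 permit tcp 10.20.0.0 0.0.255.255 host 10.30.0.12 eq 502
 permit ip any any
 deny ip any any log
"""
INVENTORY = {
    "fw-ot-01":   {"platform": "ios",  "version": "15.2(4)E7", "tier": 1},
    "sw-core-01": {"platform": "ios",  "version": "15.2(7)E4", "tier": 2},
    "sw-cell-07": {"platform": "nxos", "version": "9.3.8",     "tier": 3},
}
POLICY = {"ios": {"minimum": "15.2(7)E4"}, "nxos": {"minimum": "9.3.10"}}

if __name__ == "__main__":
    if fingerprint(BASELINE) != fingerprint(CURRENT):
        for line in drift(BASELINE, CURRENT):
            print("drift:", line)
    for dev, have, want, tier in version_gaps(INVENTORY, POLICY):
        print(f"patch gap: {dev} runs {have}, minimum {want} (tier {tier})")
```

Two points matter in practice. First, hash the canonical form, not the raw pull, or every timestamp comment becomes a false drift alarm and the real ones get ignored. Second, the drift output is what you attach to the alert: "ACL detached from Gi0/1, permit ip any any added" is actionable, a changed hash alone is not.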
ConsoleWorks Helps You Meet the TSA Pipeline Security Directive Requirements
ConsoleWorks helps you meet the critical security requirements outlined in the TSA pipeline security directive by enforcing least-privileged access; logging, monitoring, and alerting; and tracking patch and configuration changes. It is a cybersecurity operations platform that can help critical infrastructure reach its Zero Trust goals. If you have questions about your cybersecurity, the TSA security directive, or what meeting your security needs looks like, you can always talk to us here.