Ratification of Security Directive, 38209 [2021-15306]
Download as PDF
<![CDATA[
38209
Rules and Regulations
Federal Register
Vol. 86, No. 136
Tuesday, July 20, 2021
This section of the FEDERAL REGISTER
contains regulatory documents having general
applicability and legal effect, most of which
are keyed to and codified in the Code of
Federal Regulations, which is published under
50 titles pursuant to 44 U.S.C. 1510.
The Code of Federal Regulations is sold by
the Superintendent of Documents.
DEPARTMENT OF HOMELAND
SECURITY
6 CFR Chapter I
49 CFR Chapter XII
[DHS Docket No. DHS–2021–0026]
Ratification of Security Directive
Office of Strategy, Policy, and
Plans, Department of Homeland
Security (DHS).
ACTION: Notification of ratification of
directive.
AGENCY:
DHS is publishing official
notice that the Transportation Security
Oversight Board (TSOB) has ratified
Transportation Security Administration
(TSA) Security Directive Pipeline–
2021–01, which is applicable to certain
owners and operators (Owner/
Operators) of critical pipeline systems
and facilities and requires actions to
enhance pipeline cybersecurity.
DATES: The ratification was executed on
July 3, 2021, and took effect on that
date.
FOR FURTHER INFORMATION CONTACT: John
D. Cohen, DHS Coordinator for
Counterterrorism and Assistant
Secretary for Counterterrorism and
Threat Prevention, DHS Office of
Strategy, Policy, and Plans, (202) 282–
9708, john.cohen@hq.dhs.gov.
SUPPLEMENTARY INFORMATION:
SUMMARY:
khammond on DSKJM1Z7X2PROD with RULES
I. Background
A. Ransomware Attack on the Colonial
Pipeline Company
On May 8, 2021, the Colonial Pipeline
Company announced that it had halted
its pipeline operations due to a
ransomware attack. This attack
temporarily disrupted critical supplies
of gasoline and other refined petroleum
products throughout the East Coast of
the United States. Cybersecurity
incidents affecting surface
transportation systems, including
pipelines, are a growing threat. The
VerDate Sep<11>2014
15:59 Jul 19, 2021
Jkt 253001
cyber-attack on Colonial Pipeline and
resulting disruption of gasoline supplies
to the East Coast demonstrate how
criminal cyber actors are able to disrupt
pipeline systems and networks in ways
that threaten our national and economic
security.
B. TSA Security Directive Pipeline–
2021–01
On May 27, 2021, the Senior Official
Performing the Duties of the TSA
Administrator issued Security Directive
Pipeline-2021–01 (security directive)
requiring Owner/Operators of critical
pipeline systems and facilities to take
crucial measures to enhance pipeline
cybersecurity. TSA issued this security
directive in accordance with 49 U.S.C.
114(l)(2)(A), which authorizes TSA to
issue emergency regulations or security
directives without providing notice or
public comment where ‘‘the
Administrator determines that a
regulation or security directive must be
issued immediately in order to protect
transportation security. . . .’’ TSA took
this emergency action in response to the
attack on Colonial Pipeline, which
demonstrated the significant threat such
attacks pose to the country’s
infrastructure and its national and
economic security as a result. The
directive became effective on May 28,
2021 and is set to expire on May 28,
2022.
This security directive seeks to
immediately enhance the cybersecurity
of critical pipeline systems and facilities
by requiring covered Owner/Operators
to take three crucial actions to enhance
pipeline cybersecurity. First, it requires
TSA-specified Owner/Operators of
critical pipelines to promptly report
cybersecurity incidents to the
Cybersecurity and Infrastructure
Security Agency (CISA). Second, it
requires those Owner/Operators to
designate a Cybersecurity Coordinator
who must be available to TSA and CISA
at all times to coordinate cybersecurity
practices and address any incidents that
arise. Third, it requires Owner/
Operators to review their current
cybersecurity practices against TSA’s
Pipeline Security Guidelines related to
cybersecurity and to assess cyber risks,
identify any gaps, and develop
necessary remediation measures, along
with a timeline for achieving them.
PO 00000
Frm 00001
Fmt 4700
Sfmt 4700
II. TSOB Ratification
TSA has broad statutory
responsibility and authority to safeguard
the nation’s transportation system,
including pipelines.1 The TSOB—a
body consisting of the heads of various
interested Cabinet agencies, or their
designees, and a representative of the
National Security Council—reviews
certain regulations and security
directives consistent with law.2 Security
directives issued pursuant to the
procedures in 49 U.S.C. 114(l)(2) ‘‘shall
remain effective for a period not to
exceed 90 days unless ratified or
disapproved by the Board or rescinded
by the Administrator.’’ 3 The chairman
of the TSOB convened the Board for
review of TSA Security Directive
Pipeline–2021–01.4 Following its
review, on July 3, 2021, the TSOB
ratified the security directive.
John K. Tien,
Deputy Secretary of Homeland Security &
Chairman of the Transportation Security
Oversight Board.
[FR Doc. 2021–15306 Filed 7–19–21; 8:45 am]
BILLING CODE 9110–9M–P
DEPARTMENT OF TRANSPORTATION
Federal Aviation Administration
14 CFR Part 39
[Docket No. FAA–2021–0302; Project
Identifier MCAI–2020–01596–R; Amendment
39–21618; AD 2021–13–13]
RIN 2120–AA64
Airworthiness Directives; Leonardo
S.p.a. Helicopters
Federal Aviation
Administration (FAA), DOT.
ACTION: Final rule.
AGENCY:
The FAA is adopting a new
airworthiness directive (AD) for all
SUMMARY:
1 See,
e.g., 49 U.S.C. 114(d), (f), (l), (m).
e.g., 49 U.S.C. 115; 49 U.S.C. 114(l)(2).
3 49 U.S.C. 114(l)(2)(B).
4 The Deputy Secretary of Homeland Security
serves as chairman of the TSOB. DHS Delegation
No. 7071.1, Delegation to the Deputy Secretary to
Chair the Transportation Security Oversight Board
(Apr. 2, 2007). Although the Department of Energy
(DOE) does not have a TSOB member under 49
U.S.C. 115(b), DOE was asked to review TSA
Security Directive Pipeline–2021–01 during the
TSOB ratification process and concurred with the
ratification.
2 See,
E:\FR\FM\20JYR1.SGM
20JYR1
]]>Agencies
[Federal Register Volume 86, Number 136 (Tuesday, July 20, 2021)]
[Rules and Regulations]
[Page 38209]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2021-15306]
�========================================================================
�Rules and Regulations
� Federal Register
�________________________________________________________________________
�
�This section of the FEDERAL REGISTER contains regulatory documents
�having general applicability and legal effect, most of which are keyed
�to and codified in the Code of Federal Regulations, which is published
�under 50 titles pursuant to 44 U.S.C. 1510.
�
�The Code of Federal Regulations is sold by the Superintendent of Documents.
�
�========================================================================
�
��Federal Register / Vol. 86, No. 136 / Tuesday, July 20, 2021 / Rules
and Regulations��
[[Page 38209]]
DEPARTMENT OF HOMELAND SECURITY
6 CFR Chapter I
49 CFR Chapter XII
[DHS Docket No. DHS-2021-0026]
Ratification of Security Directive
AGENCY: Office of Strategy, Policy, and Plans, Department of Homeland
Security (DHS).
ACTION: Notification of ratification of directive.
-----------------------------------------------------------------------
SUMMARY: DHS is publishing official notice that the Transportation
Security Oversight Board (TSOB) has ratified Transportation Security
Administration (TSA) Security Directive Pipeline-2021-01, which is
applicable to certain owners and operators (Owner/Operators) of
critical pipeline systems and facilities and requires actions to
enhance pipeline cybersecurity.
DATES: The ratification was executed on July 3, 2021, and took effect
on that date.
FOR FURTHER INFORMATION CONTACT: John D. Cohen, DHS Coordinator for
Counterterrorism and Assistant Secretary for Counterterrorism and
Threat Prevention, DHS Office of Strategy, Policy, and Plans, (202)
282-9708, [email protected].
SUPPLEMENTARY INFORMATION:
I. Background
A. Ransomware Attack on the Colonial Pipeline Company
On May 8, 2021, the Colonial Pipeline Company announced that it had
halted its pipeline operations due to a ransomware attack. This attack
temporarily disrupted critical supplies of gasoline and other refined
petroleum products throughout the East Coast of the United States.
Cybersecurity incidents affecting surface transportation systems,
including pipelines, are a growing threat. The cyber-attack on Colonial
Pipeline and resulting disruption of gasoline supplies to the East
Coast demonstrate how criminal cyber actors are able to disrupt
pipeline systems and networks in ways that threaten our national and
economic security.
B. TSA Security Directive Pipeline-2021-01
On May 27, 2021, the Senior Official Performing the Duties of the
TSA Administrator issued Security Directive Pipeline-2021-01 (security
directive) requiring Owner/Operators of critical pipeline systems and
facilities to take crucial measures to enhance pipeline cybersecurity.
TSA issued this security directive in accordance with 49 U.S.C.
114(l)(2)(A), which authorizes TSA to issue emergency regulations or
security directives without providing notice or public comment where
``the Administrator determines that a regulation or security directive
must be issued immediately in order to protect transportation security.
. . .'' TSA took this emergency action in response to the attack on
Colonial Pipeline, which demonstrated the significant threat such
attacks pose to the country's infrastructure and its national and
economic security as a result. The directive became effective on May
28, 2021 and is set to expire on May 28, 2022.
This security directive seeks to immediately enhance the
cybersecurity of critical pipeline systems and facilities by requiring
covered Owner/Operators to take three crucial actions to enhance
pipeline cybersecurity. First, it requires TSA-specified Owner/
Operators of critical pipelines to promptly report cybersecurity
incidents to the Cybersecurity and Infrastructure Security Agency
(CISA). Second, it requires those Owner/Operators to designate a
Cybersecurity Coordinator who must be available to TSA and CISA at all
times to coordinate cybersecurity practices and address any incidents
that arise. Third, it requires Owner/Operators to review their current
cybersecurity practices against TSA's Pipeline Security Guidelines
related to cybersecurity and to assess cyber risks, identify any gaps,
and develop necessary remediation measures, along with a timeline for
achieving them.
II. TSOB Ratification
TSA has broad statutory responsibility and authority to safeguard
the nation's transportation system, including pipelines.\1\ The TSOB--a
body consisting of the heads of various interested Cabinet agencies, or
their designees, and a representative of the National Security
Council--reviews certain regulations and security directives consistent
with law.\2\ Security directives issued pursuant to the procedures in
49 U.S.C. 114(l)(2) ``shall remain effective for a period not to exceed
90 days unless ratified or disapproved by the Board or rescinded by the
Administrator.'' \3\ The chairman of the TSOB convened the Board for
review of TSA Security Directive Pipeline-2021-01.\4\ Following its
review, on July 3, 2021, the TSOB ratified the security directive.
---------------------------------------------------------------------------
\1\ See, e.g., 49 U.S.C. 114(d), (f), (l), (m).
\2\ See, e.g., 49 U.S.C. 115; 49 U.S.C. 114(l)(2).
\3\ 49 U.S.C. 114(l)(2)(B).
\4\ The Deputy Secretary of Homeland Security serves as chairman
of the TSOB. DHS Delegation No. 7071.1, Delegation to the Deputy
Secretary to Chair the Transportation Security Oversight Board (Apr.
2, 2007). Although the Department of Energy (DOE) does not have a
TSOB member under 49 U.S.C. 115(b), DOE was asked to review TSA
Security Directive Pipeline-2021-01 during the TSOB ratification
process and concurred with the ratification.
John K. Tien,
Deputy Secretary of Homeland Security & Chairman of the Transportation
Security Oversight Board.
[FR Doc. 2021-15306 Filed 7-19-21; 8:45 am]
BILLING CODE 9110-9M-P
