“Cybersecurity incidents affecting transportation are a growing, evolving and persistent threat,” Victoria Newhouse, TSA’s deputy assistant administrator, told the House Transportation Committee on Thursday. “Across US critical infrastructure, cyber threat actors have demonstrated their willingness and ability to conduct malicious cyber activities targeting critical infrastructure by exploiting the vulnerability of operational technology and information technology systems.”
Following the ransomware attack on Colonial Pipeline earlier this year, TSA issued two security directives mandating cybersecurity requirements on the pipeline industry.
Since the issuance of those security directives, pipeline operators have reported 591 cyber-related incidents, according to the Department of Homeland Security.
Of those 591 사건, one was rated as having a “low” impact, meaning it is “unlikely to affect public health or safety, 국가 안보, economic security, foreign relations, civil liberties, or public confidence.”
The rest were rated “negligible” 또는 “미성년자” — designations that are considered baseline and present even less concern than “low.”