Full Report
New presidents bring new policies. But amid rapidly expanding cyber threats, steady leadership at the federal agencies charged with securing critical infrastructure is, well, critical. David Pekoske, a retired U.S. Coast Guard vice admiral and administrator of the Transportation Security Administration, is uniquely positioned to provide that leadership. Congress showed foresight in 2018 by creating […] The post Steady leadership prepares TSA to face evolving cyber threats appeared first on CyberScoop.
Analysis Summary
# Main Topic
The ongoing need for steady federal leadership, highlighted by TSA Administrator David Pekoske's tenure, to address rapidly expanding cyber threats targeting critical U.S. transportation infrastructure (pipelines, railroads, and aviation).
## Key Points
- David Pekoske's continued leadership at the Transportation Security Administration (TSA) provides essential continuity amidst leadership transitions in other federal agencies.
- TSA, under Pekoske, shifted from voluntary cooperation to mandatory security directives for critical infrastructure operators following the Colonial Pipeline attack in May 2021.
- Initial security directives were criticized by industry for being too rigid, leading TSA to adopt an "outcome-focused, performance-based model" based on industry feedback.
- TSA announced a proposed rule to formalize cybersecurity requirements, expected to impact about 37% of public transportation agencies, 12% of freight railroads, and 115 pipeline facilities.
- The proposed rule is grounded in NIST ransomware practices and CISA's cybersecurity performance goals.
- TSA has adopted on-site, direct information-sharing sessions with the aviation industry to address concerns over securely handling sensitive security data submitted electronically.
## Threat Actors
- No specific named threat actors or groups are detailed in relation to direct TTPs, but the context references national security threats generally and the impact of ransomware attacks (e.g., Colonial Pipeline).
## TTPs
- The article focuses on the defensive and regulatory responses rather than offensive TTPs, but the required mitigations imply common TTPs such as:
  - Executing ransomware attacks (referenced via Colonial Pipeline incident).
  - Vulnerabilities in critical infrastructure systems.
  - Lack of robust incident response capabilities.
## Affected Systems
- Critical infrastructure sectors under TSA purview:
  - Pipelines (federal lead for cybersecurity).
  - Railroads (freight and passenger).
  - Aviation systems.
- Specific metrics mentioned for the proposed rule's impact:
  - ~37% of public transportation agencies.
  - 12% of freight railroads.
  - 115 pipeline facilities and systems.
## Mitigations
- **Regulatory/Mandatory:** Issuance and renewal of TSA security directives requiring incident response, vulnerability assessments, and advanced threat detection.
- **Policy Shift:** Moving towards an "outcome-focused, performance-based model" instead of overly prescriptive rules.
- **Alignment to Standards:** Ensuring proposed rules are grounded in NIST ransomware practices and CISA performance goals.
- **Information Sharing:** Conducting on-site inspections to discuss sensitive data as an alternative to electronic submission.
- **Resource Augmentation:** Requesting funding for 41 additional cybersecurity experts.
## Conclusion
TSA leadership under David Pekoske has successfully transformed the agency's role in critical infrastructure cybersecurity, evolving from initial regulatory rigidity to a more collaborative, performance-based security approach grounded in national standards. The forthcoming proposed rule represents a crucial step toward codifying these necessary protective measures across surface transportation, which is vital for national security and economic stability. Continued focus on resource acquisition and harmonization of regulations remains key to effective threat mitigation.