[Federal Register Volume 86, Number 136 (Tuesday, July 20, 2021)]
[Rules and Regulations]
[Page 38209]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2021-15306]



 ========================================================================
 Rules and Regulations
                                                 Federal Register
 ________________________________________________________________________
 
 This section of the FEDERAL REGISTER contains regulatory documents 
 having general applicability and legal effect, most of which are keyed 
 to and codified in the Code of Federal Regulations, which is published 
 under 50 titles pursuant to 44 U.S.C. 1510.
 
 The Code of Federal Regulations is sold by the Superintendent of Documents. 
 
 ========================================================================
 

  Federal Register / Vol. 86, No. 136 / Tuesday, July 20, 2021 / Rules 
and Regulations  

[[Page 38209]]



DEPARTMENT OF HOMELAND SECURITY

6 CFR Chapter I

49 CFR Chapter XII

[DHS Docket No. DHS-2021-0026]


Ratification of Security Directive

AGENCY: Office of Strategy, Policy, and Plans, Department of Homeland 
Security (DHS).

ACTION: Notification of ratification of directive.

-----------------------------------------------------------------------

SUMMARY: DHS is publishing official notice that the Transportation 
Security Oversight Board (TSOB) has ratified Transportation Security 
Administration (TSA) Security Directive Pipeline-2021-01, which is 
applicable to certain owners and operators (Owner/Operators) of 
critical pipeline systems and facilities and requires actions to 
enhance pipeline cybersecurity.

DATES: The ratification was executed on July 3, 2021, and took effect 
on that date.

FOR FURTHER INFORMATION CONTACT: John D. Cohen, DHS Coordinator for 
Counterterrorism and Assistant Secretary for Counterterrorism and 
Threat Prevention, DHS Office of Strategy, Policy, and Plans, (202) 
282-9708, [email protected].

SUPPLEMENTARY INFORMATION:

I. Background

A. Ransomware Attack on the Colonial Pipeline Company

    On May 8, 2021, the Colonial Pipeline Company announced that it had 
halted its pipeline operations due to a ransomware attack. This attack 
temporarily disrupted critical supplies of gasoline and other refined 
petroleum products throughout the East Coast of the United States. 
Cybersecurity incidents affecting surface transportation systems, 
including pipelines, are a growing threat. The cyber-attack on Colonial 
Pipeline and resulting disruption of gasoline supplies to the East 
Coast demonstrate how criminal cyber actors are able to disrupt 
pipeline systems and networks in ways that threaten our national and 
economic security.

B. TSA Security Directive Pipeline-2021-01

    On May 27, 2021, the Senior Official Performing the Duties of the 
TSA Administrator issued Security Directive Pipeline-2021-01 (security 
directive) requiring Owner/Operators of critical pipeline systems and 
facilities to take crucial measures to enhance pipeline cybersecurity. 
TSA issued this security directive in accordance with 49 U.S.C. 
114(l)(2)(A), which authorizes TSA to issue emergency regulations or 
security directives without providing notice or public comment where 
``the Administrator determines that a regulation or security directive 
must be issued immediately in order to protect transportation security. 
. . .'' TSA took this emergency action in response to the attack on 
Colonial Pipeline, which demonstrated the significant threat such 
attacks pose to the country's infrastructure and its national and 
economic security as a result. The directive became effective on May 
28, 2021 and is set to expire on May 28, 2022.
    This security directive seeks to immediately enhance the 
cybersecurity of critical pipeline systems and facilities by requiring 
covered Owner/Operators to take three crucial actions to enhance 
pipeline cybersecurity. First, it requires TSA-specified Owner/
Operators of critical pipelines to promptly report cybersecurity 
incidents to the Cybersecurity and Infrastructure Security Agency 
(CISA). Second, it requires those Owner/Operators to designate a 
Cybersecurity Coordinator who must be available to TSA and CISA at all 
times to coordinate cybersecurity practices and address any incidents 
that arise. Third, it requires Owner/Operators to review their current 
cybersecurity practices against TSA's Pipeline Security Guidelines 
related to cybersecurity and to assess cyber risks, identify any gaps, 
and develop necessary remediation measures, along with a timeline for 
achieving them.

II. TSOB Ratification

    TSA has broad statutory responsibility and authority to safeguard 
the nation's transportation system, including pipelines.\1\ The TSOB--a 
body consisting of the heads of various interested Cabinet agencies, or 
their designees, and a representative of the National Security 
Council--reviews certain regulations and security directives consistent 
with law.\2\ Security directives issued pursuant to the procedures in 
49 U.S.C. 114(l)(2) ``shall remain effective for a period not to exceed 
90 days unless ratified or disapproved by the Board or rescinded by the 
Administrator.'' \3\ The chairman of the TSOB convened the Board for 
review of TSA Security Directive Pipeline-2021-01.\4\ Following its 
review, on July 3, 2021, the TSOB ratified the security directive.
---------------------------------------------------------------------------

    \1\ See, e.g., 49 U.S.C. 114(d), (f), (l), (m).
    \2\ See, e.g., 49 U.S.C. 115; 49 U.S.C. 114(l)(2).
    \3\ 49 U.S.C. 114(l)(2)(B).
    \4\ The Deputy Secretary of Homeland Security serves as chairman 
of the TSOB. DHS Delegation No. 7071.1, Delegation to the Deputy 
Secretary to Chair the Transportation Security Oversight Board (Apr. 
2, 2007). Although the Department of Energy (DOE) does not have a 
TSOB member under 49 U.S.C. 115(b), DOE was asked to review TSA 
Security Directive Pipeline-2021-01 during the TSOB ratification 
process and concurred with the ratification.

John K. Tien,
Deputy Secretary of Homeland Security & Chairman of the Transportation 
Security Oversight Board.
[FR Doc. 2021-15306 Filed 7-19-21; 8:45 am]
BILLING CODE 9110-9M-P