Better TSA Tracking and Follow-up for the 2021 Security Directives Implementation Should Strengthen Pipeline Cybersecurity (REDACTED)

Date Issued

Wednesday, September 27, 2023

Submitting OIG

Department of Homeland Security OIG

Other Participating OIGs

Department of Homeland Security OIG

Agencies Reviewed/Investigated

Department of Homeland Security

Components

Transportation Security Administration (TSA)

Report Number

OIG-23-57

Report Description

The Transportation Security Administration’s (TSA) fiscal year 2021 pipeline security directives, if implemented, should strengthen pipeline operators’ posture against cyber threats. TSA considered and partially addressed stakeholder feedback when drafting these two directives. However, TSA did not ensure all pipeline operators timely adhered to security requirements contained in the directives.

Report Type

Audit

Agency Wide

Yes

Number of Recommendations

Questioned Costs

Funds for Better Use

Open Recommendations

This report has 3 open recommendations.

Recommendation Number	Significant Recommendation	Recommended Questioned Costs	Recommended Funds for Better Use
1	No	$0	$0
We recommend the TSA Assistant Administrator for Policy, Plans, and Engagement, in consultation with interagency partners, such as the Department of Transportation, complete rulemaking that will permanently codify critical cybersecurity requirements for pipelines.
2	No	$0	$0
We recommend the TSA Assistant Administrator for Surface Operations develop standard operating procedures and a formal tracking system to ensure consistent tracking and follow-up of the implementation of security directives and eventual regulations.
3	No	$0	$0
We recommend the TSA Assistant Administrator for Surface Operations include in TSA’s standard operating procedures developed in response to recommendation 2, a requirement to conduct follow-up inspections that ensure pipeline operators have completed mitigation activities to address cybersecurity vulnerabilities.