The Transportation Security Administration Issues Revised Cybersecurity Requirements for Natural Gas Pipelines
The Transportation Security Administration (TSA) revised its cybersecurity standards for owners and operators of TSA-designated critical pipelines that transport natural gas or hazardous liquids. The security requirements were revised following feedback from the private sector and focus on performance-based measures to achieve cybersecurity resiliency. The new directive outlines four areas of future action. Operators and owners should: develop network segmentation policies to ensure safe operation during an attack, create access control measures to prevent unauthorized access to cyber systems, build detection policies to search for cybersecurity threats, and reduce the exploitation of unpatched systems by applying a series of security patches and updates for critical software. The natural gas industry has faced several major cybersecurity incidents in the last year that have raised alarm, including a ransomware attack on Colonial Pipeline in May 2021 that crippled gas flows for a week on the U.S. east coast and led to the first security directive issued by TSA and a piece of malware, dubbed PIPEDREAM, designed to destroy parts of natural gas plants, likely circulated by Russian threat actors in the wake of Russia’s invasion of Ukraine.
The United States and Saudi Arabia Sign Bilateral Cybersecurity Agreements
Officials from Saudi Arabia and the United States signed two bilateral agreements on cybersecurity cooperation during President Biden’s trip to Riyadh last week. The first agreement was between Saudi Arabia’s National Cybersecurity Authority and the FBI, the second one with the Cybersecurity Infrastructure Security Agency (CISA). In part. the agreements are targeted at Iran, which has launched a range of cyberattacks from website defacement and distributed denial-of-service attacks to espionage and ransomware against the two countries. Cyber agreements are being used to shore up a newly emerging regional architecture to deter and contain Iran The United States, for example, recently announcing a collaboration with Israel to combat cybercrime, and Israel and the United Arab Emirates have discussed shared cyber threats and exchanged threat intelligence on Hezbollah cyber operations.
China’s Cybersecurity Agency Fines Didi $1.2 Billion Over Data Privacy Concerns
China’s internet regulator, the Cyberspace Administration of China, announced it had fined ride-hailing company Didi $1.2 billion over the company’s data collection and security protections. The fine is the final outcome of a probe which came about after Didi pushed to list its stock on the New York Stock Exchange (NYSE) over the objections of Chinese regulators. The probe eventually led Didi to delist from the New York Stock Exchange less than a year after its debut and forced it to stop adding new users in China for over a year. Didi issued a statement apologizing for the violations and promised to improve its data collection and retention practices in the future. Didi’s is not alone among large Chinese technology firms in facing an investigation, as the Chinese government has flexed its regulatory muscle to crack down on technology firms over the past year.
FBI Investigation into Huawei Publicized
The results of 2019 FBI investigation into Huawei equipment were publicized earlier this week. Counterintelligence officials reportedly found significant concerns around Huawei equipment, including the installation of unnecessary, unprofitable cell tower equipment in areas near U.S. military bases. The equipment could possibly have been used to spy on restricted Department of Defense communications. The investigation reportedly played a direct role in the Federal Communication Commission’s (FCC) 2019 decision to blacklist Huawei and another Chinese firm, ZTE, to prevent them from receiving federal subsidies or being used in federal networks. The FCC has since allocated nearly $6 billion to remove and replace Huawei and ZTE equipment in the United States, although critics have argued that the program will likely take years and run over budget.
CHIPS Act Passed by the Senate and House of Representatives
The U.S. Senate and House of Representatives passed the Creating Helpful Incentives to Produce Semiconductors for America Plus (CHIPS+) Act this week, a $280 billion bill aimed at strengthening America’s manufacturing and technological capacities to compete with China. The bill will provide $52 billion in subsidies to domestic semiconductor manufacturers, $200 billion for scientific research for emerging technologies, and $10 billion for the Department of Commerce to create twenty regional technology hubs across the country. These hubs would link research universities with private industry to create centers for innovation in places where such funding is lacking. The National Science Foundation will receive new funding to accelerate the development of technologies critical to U.S. security and $61 billion to fund researchers at universities. Furthermore, the Energy Department’s Office of Science’s five-year authorization will increase to $50 billion to focus on clean energy, nuclear physics, and high-intensity lasers. The bill will likely be signed into law next week by President Biden, who hailed it in a statement as “an historic bill.”