Only two of six cybersecurity recommendations by the Government Accountability Office have been either partially or completely fulfilled by the Transportation Security Administration over the past six years, reports The Record, a news site by cybersecurity firm Recorded Future. Despite already completing short- and long-term cyber workforce expansion strategies, TSA has yet to finalize the inclusion of cybersecurity into an update for its 14-year-old Pipeline Security and Incident Recovery Protocol Plan, according to a GAO report. Meanwhile, TSA has not yet acted to implement recommendations to gauge ransomware-related support and cyber best practices adherence in the transportation sector, develop sector-specific guidance on ensuring internet-exposed device security, and evaluate operational technology-specific cybersecurity evaluations. Such a report comes as TSA was criticized by industry leaders regarding a proposed rule that would compel the submission of sensitive security information. "No system is perfectly secure, and aggregating so much vital information in one location would create a massive security vulnerability to the pipeline owners/operators with no corresponding benefit," said Kimberly Denbow of the American Gas Association at a House Homeland Security Subcommittee on Transportation and Maritime Security hearing.
Governance, Risk and Compliance
GAO finds gaps in TSA’s cybersecurity efforts

(Photo by Scott Olson/Getty Images)
Related Events
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds