Megan Brown Quoted Extensively in Article on DHS Action on Pipeline Security

May 28, 2021

Megan L. Brown, partner in Wiley’s Privacy, Cyber & Data Governance, National Security, and Telecom, Media, & Technology practices, was featured prominently by Inside Cybersecurity in today’s article about the U.S. Department of Homeland Security’s (DHS) approach to pipeline security in the wake of the Colonial Pipeline cyber attack.

As Inside Cybersecurity reported, the Transportation Security Administration (TSA) issued a Security Directive on Thursday requiring pipeline owners and operators to report cyber incidents to the Cybersecurity and Infrastructure Security Agency (CISA), designate a corporate cyber coordinator, and assess how their current cybersecurity practices align with TSA’s voluntary guidelines. Senior DHS officials said the directive will be followed with a set of mandatory rules for the sector. DHS noted a “significant shift” in approach by TSA and CISA toward critical infrastructure operators.

“DHS remains a trusted partner for industry but this could suggest a shift in which the government moves to ‘trust but verify.’ My concern is that the ‘verify’ part may be unduly burdensome and disruptive for organizations whose incidents are very much unfolding, some of which may be completely benign but will demand legal review and concern, and reporting that will trigger government follow up that will distract operators from incident management.,” Ms. Brown told Inside Cybersecurity.

Ms. Brown said the directive “seems a little reactive, responding to headlines and recent events, rather than being based on a careful risk assessment and path forward. Pipeline security is important, of course, but many other areas are too, and this sector had the misfortune of being in the news. It may not be the best use of DHS and TSA resources. Hopefully DHS is committed to protecting this information from public and other disclosure.”

To read the article, click here (subscription required).