The National Institute of Standards and Technology (NIST) recently released the final “Framework for Improving Critical Infrastructure Cybersecurity.” The Framework addresses procedures and processes for reducing cyber risks to critical infrastructure – which includes the transportation sector and pipeline systems.
Continue Reading

In light of recent high profile pipeline incidents, PHMSA, among other federal agencies, is experiencing an unprecedented number of requests for disclosure of information under the Freedom of Information Act (FOIA) at 5 U.S.C. 552, et seq.  These requests often come from Congress, citizen groups, or other administrative agencies such as the NTSB.  FOIA, referred to as the public “right to know” statute, provides that any person has the right to obtain access to federal agency records, except to the extent that portions of those records are protected from public disclosure by one of 9 exemptions.  Most federal agencies have their own FOIA regulations.  For example, the Department of Transportation includes the FOIA statutory exemptions at 49 C.F.R. Part 7.13 and provides that the Agency’s policy is to make records available to the public to the greatest extent possible, including “providing reasonably segregable information from documents that contain information that may be withheld.”

Continue Reading

During his State of the Union Address, President Obama unveiled an Executive Order (EO) and Presidential Policy Directive (PPD) to improve critical infrastructure cybersecurity . The EO and PPD come in the wake of two failed attempts by Congress to pass cybersecurity legislation, and are generally aimed at seeking to improve relationships across the federal

On June 22, 2011, the House Homeland Security Committee is expected to conduct a mark-up of HR 901, the Chemical Facilities Anti-Terrorism Security (CFATS) Authorization Act of 2011. HR 901 would reauthorize the CFATS program through FY 2018 without burdensome mandates of so-called “inherently safer technology” (IST).

A new virus specifically aimed at SCADA systems has been discovered. The virus works on the Microsoft platform, and Siemens’ SCADA software appears particularly vulnerable. Pipeline operators are encouraged to contact Microsoft, or Siemens, for advice on investigation and fixes. The Department of Homeland Security encourages all operators of SCADA systems to be vigilant in