The Transportation Security Administration (TSA) is extending two security directives for another year with updates to enhance cybersecurity and address emerging threats. These directives require pipeline operators to implement TSA-approved cybersecurity plans and focus on performance-based outcomes, allowing operators to choose suitable security measures. The updates come amidst increasing threats, such as Chinese-sponsored hacking and the Russia-Ukraine conflict, although industry representatives have criticized the directives as burdensome, finding support among Republicans in the government. Matt Bracken reports.

In an op-ed for CyberScoop, Axio's Richard Caralli discusses the increasing prevalence of cyberattacks on critical infrastructure, emphasizing the need for updated cybersecurity strategies. Traditional qualitative cyber risk management approaches are deemed insufficient for modern threats, advocating instead for a consequence-driven and quantitative risk framework that expresses risks in financial terms to guide strategic cybersecurity decisions. Cyber Risk Quantification (CRQ) is presented as an effective method to evaluate cybersecurity investments, ensuring they align with enterprise priorities, meet regulatory demands such as those proposed by the TSA, and ultimately bolster an organization’s proactive cybersecurity posture. Read the full op-ed here.