“TSA is seeking to provide greater choice in the methods used to enhance cybersecurity; this could lead to faster compliance and stronger protection from threats,” said Duncan Greatwood, Xage CEO
Increased cyber threats have spurred continued action from the government, including multiple security directives from the Transportation Security Administration (TSA) for pipeline operators. The agency this week released theย latest versionย of its Pipeline Security directive; another step towards a more secure energy infrastructure.
Despite speculation that the TSA is easing up on requirements, Duncan Greatwood, CEO of Xage, explains that their updates dig in on core zero trust principles:
- โThe TSA is doubling down on some areas, such as access control and credential management for critical infrastructure systems, while relaxing some rules in other areas, such as lead times for incident reporting.โ
- โWhat comes through most strongly is the TSA approval of performance-based, rather than prescriptive, measures for cyber-hardening. Theyโre providing greater choice in the methods operators can use to enhance cybersecurity, which could significantly accelerate implementation timelines.โ
- โWhile this idea was already present in last yearโs draft regulations, under the name of โalternative methods,โ this ideaโnow called โcompensating controlsโโhas become central to access management requirements. The TSA is saying that any critical infrastructure element that lacks strong built-in security (as is the case with many operational assets) wonโt need to be uprooted. Instead, these critical assets will need โcompensating controlsโ to protect themโin other words, a way to protect vulnerable assets that makes up for their lack of built-in security capabilities.โ
ITechnology Cloud News: Carahsoft to Distribute HPE GreenLake Edge-to-Cloud Platform, Solutions and Services to the Public Sector
These insights come from first hand experience implementing technologies and tactics to reach compliance without impacting existing operational technology assets. Xage works with some of the largest pipelines in the US, and Greatwood explained that โpipeline operators see this update as an accelerator of cyber-hardening, not an indication that they can sit back and relax.ย They wouldnโt want to anywayโthe growing threat landscape is giving them even more of a wake up call than the TSA directives did in the first place.โ
Xage is delivering comprehensive zero trust security and already deploying TSA-approved solutions for regulated energy companies across the country,ย including:
- Access and Credential Management: TSA continues to stress access control and credential management. Xage provides granular identity-based access and credential management for all assets, including legacy assets, powered by its patented Xage Fabric. The Xage Fabric seamlessly overlays an operation to impose granular control over all interactions, without any asset or network changes.
ITechnology Cloud News: Centroid Is Trailblazing with a Strategic Cloud MSP Partnership with Oracle
- Compensating Controls and Multi-layer MFA: For the many critical systems that lack their own strong security controls and/or security integrations, Xageโs Fabric provides zero trust-based access control, including multi-layer MFA, delivering the โcompensating controlsโ required in the newest TSA regulations. In particular,ย Xageโsย multi-layer MFA capabilityย combines zero trust with a defense in-depth authentication strategy.
- Granular Zones, Conduits and Beyond:ย TSA also requires operational environments to be segmented into zones, interconnected with secure, controlled conduits, preventing contagion from zone-to-zone in the event of an initial breach. Xageโs Fabric acts as a mesh, providing session and protocol termination at each Xage node, guaranteeing the security of cross-zone conduits between the nodes, and ensuring that there is no unauthorized access to assets from outside or even from within each zone.
ITechnology Cloud News: National Express Enhances Employee and CX and Simplifies Travel with 8ร8 XCaaS
[To share your insights with us, please write toย sghosh@martechseries.com]
