38209 Rules and Regulations Federal Register Vol 86 No 136 Tuesday July 20 2021 This section of the FEDERAL REGISTER contains regulatory documents having general applicability and legal effect most of which are keyed to and codified in the Code of Federal Regulations which is published under 50 titles pursuant to 44 U S C 1510 The Code of Federal Regulations is sold by the Superintendent of Documents DEPARTMENT OF HOMELAND SECURITY 6 CFR Chapter I 49 CFR Chapter XII DHS Docket No DHS–2021–0026 Ratification of Security Directive Office of Strategy Policy and Plans Department of Homeland Security DHS ACTION Notification of ratification of directive AGENCY DHS is publishing official notice that the Transportation Security Oversight Board TSOB has ratified Transportation Security Administration TSA Security Directive Pipeline– 2021–01 which is applicable to certain owners and operators Owner Operators of critical pipeline systems and facilities and requires actions to enhance pipeline cybersecurity DATES The ratification was executed on July 3 2021 and took effect on that date FOR FURTHER INFORMATION CONTACT John D Cohen DHS Coordinator for Counterterrorism and Assistant Secretary for Counterterrorism and Threat Prevention DHS Office of Strategy Policy and Plans 202 282– 9708 john cohen@hq dhs gov SUPPLEMENTARY INFORMATION SUMMARY khammond on DSKJM1Z7X2PROD with RULES I Background A Ransomware Attack on the Colonial Pipeline Company On May 8 2021 the Colonial Pipeline Company announced that it had halted its pipeline operations due to a ransomware attack This attack temporarily disrupted critical supplies of gasoline and other refined petroleum products throughout the East Coast of the United States Cybersecurity incidents affecting surface transportation systems including pipelines are a growing threat The VerDate Sep 11 2014 15 59 Jul 19 2021 Jkt 253001 cyber-attack on Colonial Pipeline and resulting disruption of gasoline supplies to the East Coast demonstrate how criminal cyber actors are able to disrupt pipeline systems and networks in ways that threaten our national and economic security B TSA Security Directive Pipeline– 2021–01 On May 27 2021 the Senior Official Performing the Duties of the TSA Administrator issued Security Directive Pipeline-2021–01 security directive requiring Owner Operators of critical pipeline systems and facilities to take crucial measures to enhance pipeline cybersecurity TSA issued this security directive in accordance with 49 U S C 114 l 2 A which authorizes TSA to issue emergency regulations or security directives without providing notice or public comment where ‘‘the Administrator determines that a regulation or security directive must be issued immediately in order to protect transportation security ’’ TSA took this emergency action in response to the attack on Colonial Pipeline which demonstrated the significant threat such attacks pose to the country’s infrastructure and its national and economic security as a result The directive became effective on May 28 2021 and is set to expire on May 28 2022 This security directive seeks to immediately enhance the cybersecurity of critical pipeline systems and facilities by requiring covered Owner Operators to take three crucial actions to enhance pipeline cybersecurity First it requires TSA-specified Owner Operators of critical pipelines to promptly report cybersecurity incidents to the Cybersecurity and Infrastructure Security Agency CISA Second it requires those Owner Operators to designate a Cybersecurity Coordinator who must be available to TSA and CISA at all times to coordinate cybersecurity practices and address any incidents that arise Third it requires Owner Operators to review their current cybersecurity practices against TSA’s Pipeline Security Guidelines related to cybersecurity and to assess cyber risks identify any gaps and develop necessary remediation measures along with a timeline for achieving them PO 00000 Frm 00001 Fmt 4700 Sfmt 4700 II TSOB Ratification TSA has broad statutory responsibility and authority to safeguard the nation’s transportation system including pipelines 1 The TSOB—a body consisting of the heads of various interested Cabinet agencies or their designees and a representative of the National Security Council—reviews certain regulations and security directives consistent with law 2 Security directives issued pursuant to the procedures in 49 U S C 114 l 2 ‘‘shall remain effective for a period not to exceed 90 days unless ratified or disapproved by the Board or rescinded by the Administrator ’’ 3 The chairman of the TSOB convened the Board for review of TSA Security Directive Pipeline–2021–01 4 Following its review on July 3 2021 the TSOB ratified the security directive John K Tien Deputy Secretary of Homeland Security Chairman of the Transportation Security Oversight Board FR Doc 2021–15306 Filed 7–19–21 8 45 am BILLING CODE 9110–9M–P DEPARTMENT OF TRANSPORTATION Federal Aviation Administration 14 CFR Part 39 Docket No FAA–2021–0302 Project Identifier MCAI–2020–01596–R Amendment 39–21618 AD 2021–13–13 RIN 2120–AA64 Airworthiness Directives Leonardo S p a Helicopters Federal Aviation Administration FAA DOT ACTION Final rule AGENCY The FAA is adopting a new airworthiness directive AD for all SUMMARY 1 See e g 49 U S C 114 d f l m e g 49 U S C 115 49 U S C 114 l 2 3 49 U S C 114 l 2 B 4 The Deputy Secretary of Homeland Security serves as chairman of the TSOB DHS Delegation No 7071 1 Delegation to the Deputy Secretary to Chair the Transportation Security Oversight Board Apr 2 2007 Although the Department of Energy DOE does not have a TSOB member under 49 U S C 115 b DOE was asked to review TSA Security Directive Pipeline–2021–01 during the TSOB ratification process and concurred with the ratification 2 See E FR FM 20JYR1 SGM 20JYR1