From May 7 to 12, 2021, the massive Colonial Pipeline refined oil product delivery system ground to a halt.
The Colonial Pipeline delivers about 45% of fuel for the East Coast, including gasoline, diesel fuel, heating oil, jet fuel and fuel used by the military.
The pipeline operators also shut down OT systems to prevent the malware from spreading.
In the wake of the Colonial attack, the TSA issued two pipeline security directives in FY 2021.
In regulated industries, governing bodies make recommendations to improve safety and outcomes.
The FDA has its Case for Quality program.
The Case for Quality program is designed to help identify device manufacturers that consistently produce high-quality devices.
This allows the FDA to identify participants with manufacturing practices that are of consistently high quality and also align with FDA laws and regulations.
It's a way to help other companies improve their manufacturing quality as well.
The FDA launched the Case for Quality in 2011 following an in-depth review of device quality data and feedback from both FDA and industry stakeholders.
The analysis revealed common manufacturing risks that impact product quality.
The FDA Case for Quality initiative treats compliance attainment as a baseline, not an end goal.
The FDA also works with the Medical Device Innovation Consortium and other stakeholders to foster medical device compliance and quality in a more collaborative manner.
The FAA uses a structured, systematic process that obligates organizations to manage safety with the same level of priority as other core business processes.
SMS (Safety Management System) is becoming a standard for the management of safety beyond aviation, such as in quality control, occupational safety and health, security and environment.
Regulators integrate modern safety risk management and assurance concepts into repeatable, proactive systems.
Perhaps cyber can take a cue from change management culture as well.
Some change management firms expect their clients to measure the contribution of their change management activities.
Change management certifier Prosci asked participants in a research study if they internally measured compliance with the change and overall performance in meeting project objectives.
The law requires critical infrastructure companies, including financial services, to report cybersecurity incidents, such as ransomware attacks, to CISA. The industry is still far behind initiatives such as the FDA's in-depth quality analysis or the FAA's structured, systematic process.
This Cyber News was published on securityintelligence.com. Publication date: Wed, 27 Dec 2023 14:43:05 +0000