TSA updates gas pipeline cybersecurity guidelines

Image via Unsplash

The Transportation Security Administration (TSA) is updating its guidelines for oil and natural gas pipeline cybersecurity.

Developed with input from industry stakeholders and federal partners, including the Cybersecurity and Infrastructure Security Agency (CISA) and the Department of Transportation, the reissued security directive for critical pipeline companies follows the initial directive announced in July 2021 and renewed in July 2022. The directive includes updates that seek to strengthen the industry’s defenses against cyberattacks.

This security directive requires that TSA-specified owners and operators of pipeline systems take necessary action to prevent the disruption and degradation to their infrastructure. Updates to the security directive require oil and natural gas pipeline owners/operators to:

Annually submit an updated Cybersecurity Assessment Plan to TSA for review and approval.
Annually report the results from previous year assessments, with a schedule for assessing and auditing specific cybersecurity measures for effectiveness. TSA requires 100% of an owner/ operator’s security measures be assessed every three years.
Test at least two Cybersecurity Incident Response Plan (CIRP) objectives and include individuals serving in positions identified in the CIRP in their required annual exercises.

ON DEMAND: Business-impacting events such as severe weather, man-made disasters, and supply chain disruption are increasing in frequency and making impacts around the globe.

In today's rapidly evolving security landscape, organizations face an ever-growing array of disruptive events, security threats and risks. Traditional reactive approaches to security intelligence often leave businesses vulnerable and ill-prepared to anticipate and mitigate emerging threats that could impact the safety of their people, facilities or operations.