Sunday, June 29, 2025
Home News TSA revises and reissues cybersecurity requirements for pipeline owners and operators

TSA revises and reissues cybersecurity requirements for pipeline owners and operators

The United States government body, Transportation Security Administration (TSA) has announced that it is revising and reissuing its Security Directive on oil and natural gas pipeline cyber security.

This directive will continue the effort to build cybersecurity resilience for the pipelines, according to a statement.

The directive extends the cybersecurity requirements for another year (starting from last July) and focuses on non-binding performance-based measures so that there are critical cyber results.

“TSA is committed to keeping the nation’s transportation systems safe from cyberattacks. This revised security directive follows significant collaboration between TSA and the oil and natural gas pipeline industry. The directive establishes a new model that accommodates variance in systems and operations to meet our security requirements,” said TSA administrator David Pekoske.

“We recognise that every company is different, and we have developed an approach that accommodates that fact, supported by continuous monitoring and auditing to assess achievement of the needed cybersecurity outcomes. We will continue working with our partners in the transportation sector to increase cybersecurity resilience throughout the system and acknowledge the significant work over the past year to protect this critical infrastructure,” he added.

It is important to note that May 2021 ransomware attack on a major pipeline had TSA to issue several security directives requiring that owners and operators of critical pipelines implement several urgently needed cybersecurity measures.

TSA intends to initiate the formal rulemaking process, which will provide an opportunity for public comments to be submitted and considered.

The security directive requires owners and operators of TSA-specified pipeline and LNG facilities to take action to achieve the following safety outcomes:

  1. Develop network segmentation policies and controls
  2. Establish access control measures to secure and prevent unauthorized access to critical cyber systems
  3. Build continuous monitoring and detection policies and procedures to identify cyber security threats and correct related anomalies
  4. Reduce the risk of exploiting unpatched systems by applying security patches and updates for operating systems, applications, drivers and firmware

Pipeline owners and operators must:

  1. Establish and execute a TSA-approved Cybersecurity Implementation Plan that outlines specific cybersecurity measures
  2. Develop and maintain a Cyber ​​Security Incident Response Plan
  3. Create a Cybersecurity Assessment Program to review the effectiveness of cybersecurity measures and identify and resolve vulnerabilities in devices, networks and systems proactively and regularly

Added to these requirements is the previously established requirement to report significant cyber security incidents to CISA, establish a cyber security contact point and conduct an annual cyber vulnerability assessment.





Latest Posts

UWL announces vessel partnership with Emirates Shipping Line

UWL, a leading American-owned NVOCC (Non-Vessel Operating Common Carrier) and global logistics provider, welcomes Emirates Shipping Line as the new vessel partner for its...

Sea-Intelligence: Port Power Rankings

 Sea-Intelligence analyses port performance in terms of schedule reliability, across the 202 deep-sea ports with the largest number of container vessel calls, by creating...

Suez slowdown reshapes Red Sea’s port map

The macro picture of the Red Sea is worsen as canal transits are at half-mast, and the region has relinquished its role as the...

We asked AI: When containers become pools

We asked AI what a container might look like if it was trasformed into a pool. The result? Long steel containers, many of them stacked,...

Transpacific crash may normalise charter market

Containership charter rates, which have defied the freight slump for some time, could be peaking, as some small ships chartered by opportunistic operators for...
error: Content is protected !!