14.2 C
Hamburg
Thursday, June 5, 2025
Home News TSA revises and reissues cybersecurity requirements for pipeline owners and operators

TSA revises and reissues cybersecurity requirements for pipeline owners and operators

The United States government body, Transportation Security Administration (TSA) has announced that it is revising and reissuing its Security Directive on oil and natural gas pipeline cyber security.

This directive will continue the effort to build cybersecurity resilience for the pipelines, according to a statement.

The directive extends the cybersecurity requirements for another year (starting from last July) and focuses on non-binding performance-based measures so that there are critical cyber results.

“TSA is committed to keeping the nation’s transportation systems safe from cyberattacks. This revised security directive follows significant collaboration between TSA and the oil and natural gas pipeline industry. The directive establishes a new model that accommodates variance in systems and operations to meet our security requirements,” said TSA administrator David Pekoske.

“We recognise that every company is different, and we have developed an approach that accommodates that fact, supported by continuous monitoring and auditing to assess achievement of the needed cybersecurity outcomes. We will continue working with our partners in the transportation sector to increase cybersecurity resilience throughout the system and acknowledge the significant work over the past year to protect this critical infrastructure,” he added.

It is important to note that May 2021 ransomware attack on a major pipeline had TSA to issue several security directives requiring that owners and operators of critical pipelines implement several urgently needed cybersecurity measures.

TSA intends to initiate the formal rulemaking process, which will provide an opportunity for public comments to be submitted and considered.

The security directive requires owners and operators of TSA-specified pipeline and LNG facilities to take action to achieve the following safety outcomes:

  1. Develop network segmentation policies and controls
  2. Establish access control measures to secure and prevent unauthorized access to critical cyber systems
  3. Build continuous monitoring and detection policies and procedures to identify cyber security threats and correct related anomalies
  4. Reduce the risk of exploiting unpatched systems by applying security patches and updates for operating systems, applications, drivers and firmware

Pipeline owners and operators must:

  1. Establish and execute a TSA-approved Cybersecurity Implementation Plan that outlines specific cybersecurity measures
  2. Develop and maintain a Cyber ​​Security Incident Response Plan
  3. Create a Cybersecurity Assessment Program to review the effectiveness of cybersecurity measures and identify and resolve vulnerabilities in devices, networks and systems proactively and regularly

Added to these requirements is the previously established requirement to report significant cyber security incidents to CISA, establish a cyber security contact point and conduct an annual cyber vulnerability assessment.





Latest Posts

BIMCO develops standard clause addressing USTR uncertainties

BIMCO, the world’s largest shipping association, has initiated the development of a standard industry clause to address contractual uncertainties arising from the United States...

Wincanton accelerates net zero ambitions with deployment of 24 electric HGVs

Wincanton has announced the first wave of 24 new electric heavy goods vehicles (HGVs) joining its fleet this year, marking a key step towards...

How to Choose the Right Contractor for Gutter Installation in Boston?

When it comes to protecting your home from water damage, a well-executed gutter installation is not just a luxury, it’s a necessity. Your gutters...

Port of Toulon marks major milestone with shore power installation

The Port of Toulon has successfully commissioned France’s largest shore power system, developed and delivered by a consortium led by ABB in collaboration with...

Gridlock at European Ports: Operational Crisis with Geopolitical Consequences

Europe's northern ports are in the grip of a deepening operational crisis with wide-reaching geopolitical implications. As 2025 unfolds, bottlenecks at major ports like Rotterdam,...
error: Content is protected !!