New TSA Pipeline Regulations Announced

July 27, 2023 – Published on IT Nerd

Last week, the TSA put out new cybersecurity requirements for pipeline owners. No doubt to prevent another Colonial Pipeline situation.

Chris Warner, OT Senior Security Consultant at GuidePoint Security provided commentary on the new requirements:

The TSA has announced updates to its Security Directive (SD) aimed at strengthening the operational resilience of oil and natural gas pipeline owners and operators against cyber-attacks. These updates, effective from July 27th, 2023, introduce certain requirements that may demand additional resources from organizations to comply. At a high level, the updated SD includes the following provisions:

1. Annual submission of an Updated Cybersecurity Assessment Plan (CAP) for TSA review and approval.
2. Reporting of the previous year’s assessment results and providing an annual schedule for auditing cybersecurity measures, with 100% assessment of security measures required every three years.
3. Annual testing of at least two objectives of the Cybersecurity Incident Response Plan (CIRP), involving relevant individuals identified in the plan.
4. Maintaining existing requirements, such as reporting significant cybersecurity incidents to CISA, designating a cybersecurity point of contact, and conducting a cybersecurity vulnerability assessment (SD Pipeline 2021-01C).

Read More HERE.