The Department of Homeland Security’s Transportation Security Administration (TSA) announced a new Security Directive that will require critical pipeline owners and operators to:
- Report confirmed and potential cybersecurity incidents to the DHS Cybersecurity and Infrastructure Security Agency (CISA);
- Designate a Cybersecurity Coordinator that must be available 24 hours a day, seven days a week; and
- Review their current practices and identify any gaps and related remediation measures to address cyber-related risks and report the results to TSA and CISA within 30 days.
TSA is also considering follow-on mandatory cybersecurity measures for the pipeline industry.