On May 27, 2021, the U.S. Department of Homeland Security’s (“DHS”) Transportation Security Administration (“TSA”) announced a Security Directive (the “Directive”) that will impose new cybersecurity requirements on critical pipeline owners and operators.

Under the Directive, critical pipeline owners and operators will be required to:

  • Report confirmed and potential cybersecurity incidents to the DHS Cybersecurity and Infrastructure Security Agency (“CISA”);
  • Designate a Cybersecurity Coordinator who will be available 24/7; and
  • Review current practices to identify gaps and remediation measures related to cyber risks, reporting the results to the TSA and CISA within 30 days.

According to DHS’s announcement, the TSA also is considering additional, follow-on obligations and measures relating to cybersecurity in the pipeline industry. As we previously reported, on May 12, 2021, President Biden signed an Executive Order intended to improve cybersecurity in the U.S. and protect federal government networks.