On July 20, 2021, the U.S. Department of Homeland Security’s (“DHS’s”) Transportation Security Administration (“TSA”) announced a new Security Directive (the “Second Directive”) requiring owners and operators of certain critical pipelines transporting hazardous liquids and natural gas to implement specific cybersecurity measures. This Second Directive builds on the TSA’s earlier directive of May 27, 2021, on which we previously reported.
The Second Directive requires TSA-designated critical pipelines to:
- implement specific mitigation measures to protect against ransomware and other threats to information technology and operational technology systems;
- develop and implement a cybersecurity contingency and recovery plan; and
- conduct a cybersecurity architecture design review.
According to the announcement, DHS’s Cybersecurity and Infrastructure Security Agency (“CISA”) advised the TSA on cybersecurity threats facing the pipeline industry and relevant technical countermeasures. In connection with the announced requirements, Secretary of Homeland Security Alejandro N. Mayorkas noted, “Public-private partnerships are critical to the security of every community across our country and DHS will continue working closely with our private sector partners to support their operations and increase their cybersecurity resilience.”