IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

TSA amends cyber security requirements for pipeline operators

The revised directive provides operators with greater flexibility over security management and incident response


On the grounds of growing ransomware attacks, the Biden administration has issued revised cybersecurity requirements for large-scale US pipeline operators.

Oil and gas industry groups have previously claimed that the Transportation Security Administration's rules don’t take into account the differences in how different pipelines run and how they use technology, respectively.

Related Resource

An EDR buyer's guide

How to pick the best endpoint detection and response solution for your business

Whitepaper cover with title and image of grey and green blocks, with the green ones connected to each otherFree Download

Among other things, the updated directive necessitates certain pipeline operators to 

ensure‭‬ security control measures that will keep industrial equipment running even when computer systems get hacked or compromised.

Pipeline operators are also required to ‭‬disseminate an incident response plan describing the steps that will be taken following a cyber attack.

The issued amendments are intended to give operators more flexibility over what cyber defensive measures they can take, according to the Transportation Security Administration. 

"Our goal was to improve the standards to make it even more secure going forward because this threat is very real [and] has significant impacts across the country," TSA Administrator David Pekoske said in an interview with CNN last month.

Per reports, the infamous ransomware attack on Colonial Pipeline's computer systems in May 2021 that shut down 5,500 miles of pipeline for days, was the catalyst for the TSA’s revised directive.

“The disruption of Colonial Pipeline -- which provides roughly 45% of the fuel consumed on the East Coast -- made critical infrastructure firms "much more sensitive" to their cybersecurity needs,” Pekoske told CNN.

Featured Resources

2022 State of the multi-cloud report

What are the biggest multi-cloud motivations for decision-makers, and what are the leading challenges

Free Download

The Total Economic Impact™ of IBM robotic process automation

Cost savings and business benefits enabled by robotic process automation

Free Download

Multi-cloud data integration for data leaders

A holistic data-fabric approach to multi-cloud integration

Free Download

MLOps and trustworthy AI for data leaders

A data fabric approach to MLOps and trustworthy AI

Free Download

Most Popular

Empowering employees to truly work anywhere

Empowering employees to truly work anywhere

22 Nov 2022
How to boot Windows 11 in Safe Mode
Microsoft Windows

How to boot Windows 11 in Safe Mode

15 Nov 2022
The top 12 password-cracking techniques used by hackers

The top 12 password-cracking techniques used by hackers

14 Nov 2022