TSA Requires Oil and Gas Pipeline Owners, Operators to Test Cybersecurity Plans

The Transportation Security Administration has released an updated security directive requiring oil and natural gas pipeline owners and operators to test and evaluate at least two cybersecurity incident response plan objectives.

The oil and gas industry was ordered to create incident response plans to strengthen their cyber resilience and defense capabilities against cyberattacks under previous versions of the directive released in 2021 and 2022.

Input from industry stakeholders, the Cybersecurity and Infrastructure Security Agency and the Department of Transportation were worked into the updated cybersecurity requirements, the TSA said.

Under the new directive, oil and gas owners and operators are also required to conduct cybersecurity exercises annually, submit to TSA updated cybersecurity assessment strategies on a yearly basis, and evaluate security measures every three years.

The TSA issued its first security directive after a May 2021 ransomware attack on the Colonial Pipeline. The incident caused fuel and energy supply shortages across the East Coast.