TSA Updates Cybersecurity Guidelines for Pipeline Operators to be More Flexible

The Transportation Security Administration is revising cybersecurity guidelines for pipeline operators that were put in place in July 2021 to take into consideration recommendations made by industry stakeholders. The revision of guidelines was greenlighted after the agency received more than 380 requests from operators to implement alternative measures to those earlier specified, NextGov reported Friday.

In a statement, TSA Administrator David Pekoske said the decision to amend the earlier guidelines came as a result of consultations between agency officials and key stakeholders in the oil and natural gas pipeline sector. He added that the revised order allows pipeline operators greater flexibility in implementing their security measures on the condition that they produce the same desired results.

Pekoske explained that the revised directive extends the mandatory notification period from 12 hours to 24 hours after a breach has been detected. He added that since every company is different, the TSA has developed a new approach that accommodates a variance in systems and operations.

However, Pekoske emphasized that while the revised directive was designed to be more flexible to the needs of individual companies, it still contains features that allow for continuous monitoring and auditing. He said that these features are necessary to ensure that the desired cybersecurity outcomes are achieved.

The TSA’s cybersecurity guidelines were put in place in the immediate aftermath of the Colonial Pipeline hacking in May 2021. The breach forced the company to shut down fuel delivery for almost a week following the attack, according to a TechTarget report.