Department of Homeland Security Announces Pipeline Cybersecurity Policy
On May 27, 2021, the US Department of Homeland Security (“DHS”) Transportation Security Administration (“TSA”) announced a security policy (the “Policy”) that imposes new cybersecurity requirements on the owners and operators of critical pipelines.
According to the directive, owners and operators of critical pipelines must:
- Report confirmed and potential cybersecurity incidents to DHS Cybersecurity and Infrastructure Security Agency (“CISA”);
- Appoint a cybersecurity coordinator who is available 24/7; and
- Review current practices to identify gaps and remedial actions related to cyber risk and report the results to the TSA and CISA within 30 days.
According to the DHS announcement, the TSA is also considering additional follow-up commitments and measures related to cybersecurity in the pipeline industry. As we previously reported, on May 12, 2021, President Biden signed an Executive Order designed to improve cybersecurity in the United States and protect federal government networks.