The new, hastily announced security directive requires US pipeline companies to appoint a cybersecurity coordinator and report possible breaches within 12 hours.

The Transportation Safety Administration (TSA), an arm of the US Department of Homeland Security (DHS), released a Security Directive on Enhancing Pipeline Cybersecurity. TSA released the document two days after the Biden administration leaked the details of the regulations and less than a month after the ransomware attack on Colonial Pipeline created a significant gas shortage in the Southeast US.

As a result of post-9/11 government maneuvering, the TSA gained statutory authority to secure surface transportation and ensure pipeline safety. The directive follows largely ineffective, voluntary pipeline security guidelines established by the TSA in 2010 and updated in 2018.

This new regulation requires that designated pipeline security companies report cybersecurity incidents to the DHS’s Cybersecurity and Infrastructure Security Agency (CISA) no later than 12 hours after a cybersecurity incident is identified. The TSA estimates that about 100 companies in the US would fall under the directive’s mandates.

This article appeared in CSO Online. To read the rest of the article please visit here.