TSA Updates Pipeline Cybersecurity Requirements

The updates will require pipeline owners and operators to do more than just plan for potential cyberattacks; now, those plans will need to be tested.

A year after the Transportation Security Administration (TSA)
updated requirements
for pipeline owners and operators to improve their defenses against cyberattacks in the wake of the Colonial Pipeline debacle, it has released an updated version with additional cybersecurity requirements to be fulfilled.
Owners and operators will now be required to enhance cyber resilience through implementation of a TSA-approved Cybersecurity Implementation Plan (CIP), along with testing of at least two objectives in the proposed plans.
TSA administrator
David Pekoske
said that while earlier versions of the policy required these processes and plans to be developed, owners and operators are now required to actually test the plans and evaluate them. The plans, a schedule for assessing and auditing those cyber measures, and a report of the previous years assessment will all be required to be submitted annually.
All of the existing requirements, such as reporting significant cyber-related incidents to CISA, designating a point of contact, and conducting a vulnerability assessment, will also remain in place.
These changes continue to roll in years after the
Colonial Pipeline hack
, which exposed severe cyber vulnerabilities in critical infrastructure that threat actors are all too willing to take advantage of.
This revision retains the transition to a more flexible, performance-based approach requiring all Owner/Operators to submit a Cybersecurity Implementation Plan for TSA approval. All currently identified critical Owner/Operators have a
TSA-approved Cybersecurity Implementation Plan
in place, stated the
US Department of Homeland Security memorandum
.

Last News
▸ ArcSight prepares for future at user conference post HP acquisition. ◂ Discovered: 07/01/2025 Category: security	▸ Samsung Epic 4G: First To Use Media Hub ◂ Discovered: 07/01/2025 Category: security	▸ Many third-party software fails security tests ◂ Discovered: 07/01/2025 Category: security

**Cyber Security Categories**
Google Dorks Database	Exploits Vulnerability	Exploit Shellcodes

CVE List

Tools/Apps

News/Aarticles

Phishing Database

Deepfake Detection

Trends/Statistics & Live Infos

Tags:
TSA Updates Pipeline Cybersecurity Requirements