Skip to content

DHS Announces New Cybersecurity Requirements for Pipeline Owners and Operators

May 28, 2021

On May 28, the Department of Homeland Security’s Transportation Security Administration (TSA) released a new Security Directive to establish protocols to identify, protect against, and respond better and more quickly to threats to critical companies in the pipeline sector.

The Security Directive applies to owners and operators of facilities or pipelines that handle any hazardous liquid, natural gas pipelines, or any liquefied natural gas facility notified by TSA that their pipeline system or facility is considered critical. In addition to new guidance on incident response and notification requirements, the Directive requires four very time-sensitive and vital actions.

Actions Required

Accordingly, critical pipeline and facility owners and operators must:

  • Immediately provide written confirmation of receipt of the Security Directive to the TSA.
  • Within seven days of May 28, designate a primary and at least one alternate cybersecurity coordinator. These individuals must be at the corporate level. They will be required to be available to TSA and CISA 24/7 to address cyber best practices and provide coordination in the event of any incident. The names of the appointed coordinators and their titles, phone numbers, and email addresses must be submitted in writing to the TSA. Each named coordinator must be a U.S. citizen who is eligible for a security clearance and shall coordinate cyber and related security practices and procedures within the organization and work with both law enforcement and emergency response agencies as needed.
  • Within 30 days of May 28, conduct a gap assessment to assess current practices and immediately disseminate the information and measures in this Security Directive to corporate senior management, security management representatives, and any personnel responsible for implementing the provisions in this Security Directive and provide a prompt briefing regarding the Security Directive to all such individuals. Additionally, the owner/operator also should share this Security Directive with anyone subject to the provisions of this Security Directive, including federal, state, and local government personnel, tenants, and contractors.
  • Address cybers risks for both information and operational technology systems and infrastructure. Any gaps identified shall have remediation measures enacted to address those gaps and a timeframe for implementing the measures shall be provided. Each affected organization shall deliver a copy of the resulting report to TSA and CISA.

If you have any questions about this Security Directive or would like a copy, please contact Jeffrey Wells, jwells@clarkhill.com, or Melissa Ventrone, mventrone@clarkhill.com.

Subscribe for the latest

Subscribe

Related

Event

Webinar: Special Education Bootcamp - Compliance Foundations Under IDEA

Whether you are new to special education leadership or looking to reinforce your foundational knowledge, this interactive webinar will provide a comprehensive overview of the core compliance requirements under the Individuals with Disabilities Education Act (IDEA). Designed for school leaders who are responsible for ensuring legally sound practices, this session will offer practical tools and strategies to help participants navigate common procedural and substantive pitfalls, support sound decision-making, and build a compliant and student-centered special education program.

Explore more
Event

Telehealth Week Webinar 2025: Navigating Legal Changes and Future Trends for Healthcare Providers

Join Paul Schmeltzer, Carrie Foote, and John Howard for our one-hour annual Telehealth Week webinar, focused on the evolving legal landscape of telehealth. This session will cover key topics, including the upcoming DEA final rule on prescribing controlled substances via telehealth, federal reimbursement concerns for telehealth, and what healthcare providers need to prepare for other upcoming changes.

Explore more
Event

Webinar: The Transatlantic Tightrope: AI, ESG and the Evolving Duty of Care for Multinational Companies

Join Mariah Leffingwell and Sam Saarsteiner for a conversation, moderated by co-chair of Clark Hill’s ESG & Sustainability advisory practice, Maram Salaheldin,  that bridges the Atlantic—and the gap between innovation and accountability—as they explore how today’s duty of care must adapt to tomorrow’s technologies.

Explore more