DHS Announces New Cybersecurity Requirements for Pipeline Owners and Operators
On May 28, the Department of Homeland Security’s Transportation Security Administration (TSA) released a new Security Directive to establish protocols to identify, protect against, and respond better and more quickly to threats to critical companies in the pipeline sector.
The Security Directive applies to owners and operators of facilities or pipelines that handle any hazardous liquid, natural gas pipelines, or any liquefied natural gas facility notified by TSA that their pipeline system or facility is considered critical. In addition to new guidance on incident response and notification requirements, the Directive requires four very time-sensitive and vital actions.
Accordingly, critical pipeline and facility owners and operators must:
- Immediately provide written confirmation of receipt of the Security Directive to the TSA.
- Within seven days of May 28, designate a primary and at least one alternate cybersecurity coordinator. These individuals must be at the corporate level. They will be required to be available to TSA and CISA 24/7 to address cyber best practices and provide coordination in the event of any incident. The names of the appointed coordinators and their titles, phone numbers, and email addresses must be submitted in writing to the TSA. Each named coordinator must be a U.S. citizen who is eligible for a security clearance and shall coordinate cyber and related security practices and procedures within the organization and work with both law enforcement and emergency response agencies as needed.
- Within 30 days of May 28, conduct a gap assessment to assess current practices and immediately disseminate the information and measures in this Security Directive to corporate senior management, security management representatives, and any personnel responsible for implementing the provisions in this Security Directive and provide a prompt briefing regarding the Security Directive to all such individuals. Additionally, the owner/operator also should share this Security Directive with anyone subject to the provisions of this Security Directive, including federal, state, and local government personnel, tenants, and contractors.
- Address cybers risks for both information and operational technology systems and infrastructure. Any gaps identified shall have remediation measures enacted to address those gaps and a timeframe for implementing the measures shall be provided. Each affected organization shall deliver a copy of the resulting report to TSA and CISA.
The Current Whipsaw in Labor Law: Recent NLRB Developments and the Direction of the Biden Administration
While President Biden makes historic decisions, such as the firing of the NLRB’s General Counsel in January, many employers are wondering what impact “Biden’s NLRB” will have on their workforce. As new board members are confirmed, what changes should employers expect from the new NLRB?
FAQs: Mandatory COVID-19 Vaccines and the Automotive & Manufacturing Industries
Join us for a presentation where we will share the considerations, implications, and answer your frequently asked questions surrounding the implementation of mandatory COVID-19 vaccines.
The Department of Education Clarifies That Title IX Applies to Cases Involving Sexual Orientation and Gender Identity
The U.S. Department of Education’s Office for Civil Rights has issued an interpretation of Title IX, emphasizing that the law prohibits discrimination based upon (1) sexual orientation; and (2) gender identity.