U.S. Transportation Security Administration Pipeline Security Directives

Since the Colonial Pipeline ransomware attack in May 2021, the regulatory environment in which critical pipeline owners and operators must navigate has been rocky, to say the least. The U.S. Transportation Security Administration (TSA) has issued several security directives after this ransomware event with prescriptive requirements and seemingly impossible to achieve implementation timeframes.

To help pipeline owners and operators address the latest updates and requirements of TSA Security Directive Pipeline-2021-02C, we’ve developed an in-depth brief to provide information and actionable advice that includes:

• Review of TSA security directives post-Colonial Pipeline ransomware incident
• Challenges owners/operators faced with Pipeline-2021-02B
• Overview of the recently issued Pipeline-2021-02C
• Lessons learned from our experience evaluating OT system architecture

In addition, we provide a comparison of Pipeline-2021-02B and Pipeline-2021-02C measures that highlights the changes between the two, and we offer our recommendations on adapting to them.