On May 28, the Department of Homeland Security’s Transportation Security Administration (TSA) issued a new Security Directive to establish protocols to better identify, protect, and respond better and more quickly to threats to critical companies in the security sector. the pipes.
The Safety Directive applies to owners and operators of facilities or pipelines operating any hazardous natural gas pipeline or any liquefied natural gas facility that TSA notifies that its system or pipeline installation is considered critical. In addition to the new guidelines on incident reporting and response requirements, the Directive requires four vital and time-sensitive actions.
Accordingly, critical pipe and facility owners and operators must:
- Immediately provide TSA with written confirmation of receipt of the Safety Directive.
- Within seven days of May 28, designate a primary cybersecurity coordinator and at least one alternative. These people need to be on a corporate level. They should be available to TSA and CISA 24/7 to address cyber best practices and provide coordination in the event of an incident. The names of the designated coordinators and their titles, telephone numbers and email addresses must be submitted in writing to the TSA. Each designated coordinator must be a U.S. citizen who can obtain a security clearance and must coordinate cyber and related security practices and procedures within the organization and work with law enforcement and emergency response agencies accordingly. if necessary.
- Within 30 days of May 28, conduct a gap assessment to assess current practices and immediately disseminate the information and measures of this Security Directive to senior corporate management, to representatives of the security management and to any personnel responsible for enforcing the provisions of this Safety Directive and provide prompt information on the Safety Directive to all such persons. In addition, the landlord / operator must also share this Safety Directive with anyone subject to the provisions of this Safety Directive, including federal, state and local government personnel, tenants and contractors.
- Address cyber risks for both information and operating technology systems and infrastructures. Any gaps identified must have remedial action taken to address them and a deadline must be provided for their implementation. Each affected organization will submit a copy of the resulting report to TSA and CISA.