Following the Colonial Pipeline hack — one of the highest-profile attacks against US critical infrastructure to date — in 2021, the Department of Homeland Security’s Transportation Security Administration (TSA) released two unprecedented Security Directives, requiring owners and operators of gas and liquid pipelines to implement strict new protections against cyberattacks.
On July 21, the TSA released an update to these directives, doubling down on its efforts to ensure better protection for energy infrastructure nationwide. In particular, it has emphasized the need for access control, credential management, and the use of “compensating controls” to allow pipeline operators to embrace the latest innovations in how they protect critical systems.
