DHS Issues an Update to the Pipeline Industry Security Directive

Issue Date:

August 1, 2022
Importance

Very High
Summary

Department of Homeland Security Transportation Security Administration publishes Security Directive Pipeline-2021-02C (SD02C) to supersede Security Directive Pipeline-2021-02B.
Systems Impacted

Owners and Operators of TSA designated critical hazardous liquid pipelines, natural gas pipelines or liquified natural gas facilities. Refer to DHS TSA memorandum and attachment: https://www.tsa.gov/sites/default/files/tsa_sd_pipeline-2021-02-july-21_2022.pdf
PDF Download

Advisory Details

The Owner/Operator is required to

Establish a TSA approved 5-part Cybersecurity Implementation Plan to address cybersecurity measures specified in SD02C
Produce a Cybersecurity Incident Response Plan
Create a Cybersecurity Assessment Program
Maintain a regular practice to fulfill the plans and course of action described in parts 1, 2 and 3
Submit to TSA an annual plan identifying methods, processes, and procedures to assess the effectiveness of the cybersecurity plans and programs of parts 1, 2 and 3

Actions and/or Recommendations

Identify current client base which may be impacted by SD02C
Communicate Mangan Cybersecurity capabilities to the client base falling into the category of owners and operators describe in the Systems Impacted Section
Identify client capabilities to meet the SD02C requirements
Offer Mangan Cybersecurity to supplement client resources or provide solutions to meet

SD02C requirements on behalf of the client

Reach out to congressional representatives to better understand how to interact with TSA on behalf of clients

Be aware that SD02C is not designated Sensitive Security Information. However, information submitted to the TSA in support of any of the SD02C requirements is protected as Sensitive Security Information per 49 CFR parts 15 (relating to Department of Transportation regulated assets) and 1520 (relating to Coast Guard regulated assets).

About REAL Matters and Mangan Inc.

REAL Matters advisories are published to communicate cybersecurity threats and risks within the Operational Technology (OT) environment and where Critical Infrastructure vulnerabilities are identified. The purpose of this newsletter is to inform, propose suggested approaches to mitigate the risk as well as provide feedback on how Mangan Cybersecurity is approaching the issue(s) addressed.

Mangan Inc. is a nationally-recognized Specialty Engineering, Automation, and Integration company, providing a full-range of services to the Oil & Gas, Refining, Pipeline, Chemicals, and Life Sciences Industries. Established in Long Beach, California in 1990, Mangan’s multiple office locations include sites in California, Georgia, New Hampshire, North Carolina, Texas, and Louisiana. Mangan’s 350+ employee-owners bring expertise, innovation, and safety as their core mission to some of the largest companies in the world.

TSA pipeline cybersecurity planning, testing and mitigation.

OT cybersecurity threat analysis services.

Cybersecurity tolerance profiles for your organization.

Specifically developed to meet your organization’s objectives.

Alignment of your business risk tolerance, continuity, and budgets.

Coordination, assessments, evaluations, and remediation strategies for cybersecurity.

Time to recovery from a cyberattack is of the essence.

The heart of cybersecurity preparedness and proactivity.

Training specifically addressing OT cybersecurity concerns and approaches.

Navigate and develop your OT cybersecurity documentation and compliance.

Putting your plan into action with OT cybersecurity remediation services.

DHS Issues an Update to the Pipeline Industry Security Directive

Advisory Details

Actions and/or Recommendations

About REAL Matters and Mangan Inc.

What types of businesses need OT Cybersecurity?

Should an OT Cybersecurity Program be managed in-house or externally?

What are common challenges in OT Cybersecurity?