OT Cybersecurity Federal Regulations, Oversight, and Incentives

Advisory Details

  • Issue Date:

    November 22, 2022

  • Importance

    Medium High

  • Summary

    OT Cybersecurity Federal Regulations, Oversight, and Incentives

  • Systems Impacted

    This year, 2022, a number of directives, program launches, incentives and proposed rulemaking by federal cabinet level departments directly affect how some clients conduct business and may present other opportunities to take advantage of incentive-based cybersecurity postures.

  1. On July 21, 2022, the Department of Homeland Security Transportation Security Administration issued the revision to the Security Directive Pipeline-2021-02 series: Pipeline Cybersecurity Mitigation Actions, Contingency Planning, and Testing. Security Directive Pipeline-2021-02C (SD02C). SD02C is a continuation of the SD-02 series to supersede and replace SD Pipeline-2021-02B. This directive directly impacts those TSA designated critical asset owner/operator. SD02C extends use of the prescriptive action requirements and now measures results using a performance-based model. https://www.tsa.gov/sites/default/files/tsa_sd_pipeline-2021-02-july-21_2022.pdf
  2. Effective October 24, 2022, the Department of Homeland Security Transportation Security Administration issued Security Directive 1580/82-2022-01. This SD is applicable to freight rail carriers specified in 49 CFR 1580.101 and other TSA-designated freight and passenger railroads. This security directive is nearly identical in scope, actions required and measures as the SD02C.  https://www.tsa.gov/sites/default/files/sd-1580-82-2022-01.pdf
  3. In August 2022, the Department of Energy launched the Rural and Municipal Utility Advanced Cybersecurity Grant and Technical Assistance (RMUC) Program. This RUMC program is funded over a 5-year period and to improve the energy systems, processes, and assets on a priority basis. Other program objectives are to develop and improve incident response and recovery capabilities and enhance utility workforce cybersecurity skills.  https://www.energy.gov/ceser/rural-and-municipal-utility-advanced-cybersecurity-grant-and-technical-assistance-rmuc
  4. On November 21, 2022, the period closed for comments to a Department of Entergy Notice of Proposed Rulemaking. This NOPR provides a method for the Federal Energy Regulatory Commission to set rules for utility rate incentives based on investments in advanced cybersecurity technology and by participating in cybersecurity threat information sharing programs.  https://www.federalregister.gov/documents/2022/10/06/2022-21003/incentives-for-advanced-cybersecurity-investment-cybersecurity-incentives#p-47

Actions and/or Recommendations

  1. Establish the impact of the TSA security directives on your organization. Determine if you can take advantage of the DOE programs to improve your organization’s cybersecurity posture.
  2. Find out more about the pre-qualified expenditures eligible for incentives. Mangan Cybersecurity can assist your organization to find the answers to these questions.
  3. Seek assistance as necessary to manage these directives or shape your rate incentivized cybersecurity investments.

About REAL Matters and Mangan Inc.

REAL Matters advisories are published to communicate cybersecurity threats and risks within the Operational Technology (OT) environment and where Critical Infrastructure vulnerabilities are identified. The purpose of this newsletter is to inform, propose suggested approaches to mitigate the risk as well as provide feedback on how Mangan Cybersecurity is approaching the issue(s) addressed.

Mangan Inc. is a nationally-recognized Specialty Engineering, Automation, and Integration company, providing a full-range of services to the Oil & Gas, Refining, Pipeline, Chemicals, and Life Sciences Industries. Established in Long Beach, California in 1990, Mangan’s multiple office locations include sites in California, Georgia, New Hampshire, North Carolina, Texas, and Louisiana. Mangan’s 350+ employee-owners bring expertise, innovation, and safety as their core mission to some of the largest companies in the world.

Scroll to Top