The Department of Homeland Security (DHS) has issued a memorandum detailing new cybersecurity rules for owners and operators of pipelines, a decision seen by the pipeline industry as a win.
The Security Directive Pipeline-2021-02C (SD02C) is applicable to operators or owners of hazardous liquid and natural gas pipelines or a liquefied natural gas facility who have already been notified by the Transportation Security Administration (TSA) that their “pipeline system or facility is critical,” the memorandum states. The new rules kick into effect on July 27, 2022. The TSA is a part of the DHS.
According to the new SD02C guidelines, pipeline owners and operators are required to “1) Establish and implement a TSA-approved Cybersecurity Implementation Plan; 2) Develop and maintain a Cybersecurity Incident Response Plan to reduce the risk of operational disruption; and 3) Establish a Cybersecurity Assessment Program, and submit an annual plan that describes how the Owner/Operator will assess the effectiveness of cybersecurity measures.”…