Following significant collaboration with the industry, the Transportation Security Administration (TSA) issued a revised directive, effective July 27, 2022, which updates one of the prior directives issued in the wake of a May 2021 cyberattack on one of the nation’s largest interstate oil pipelines. Similar to the prior directives, this latest version, Security Directive Pipeline-2021-02C, incorporates several key modifications that provide more flexibility for operators of critical pipeline and LNG infrastructure who are subject to the directives. This includes reliance on a performance-based, rather than prescriptive, security outcome model, which is more aligned with the federal pipeline safety regulations and allows operators to develop plans that are tailored to their pipeline systems. The updated directive, along with a portion of previous Directive 2021-02B, is set to expire within one year, on July 27, 2023, during which time the TSA intends to pursue formal rulemaking.
TSA remains concerned that risks to critical pipeline systems and LNG facilities continue to be high. As such, TSA mandates in its most recent directive that the following additional protocols be developed and incorporated into response plans: