TSA Revises Cybersecurity Directive for Pipelines
International Liquid Terminals Association
  • Join


A respected industry publication for ILTA members, this monthly newsletter highlights legislative and regulatory activities affecting terminal facilities. It also provides news on recent business development within the terminal industry, including new construction, expansions, acquisitions and additions to ILTA's membership, as well as important information about ILTA's committee meetings, conferences and training events. ILTA also offers ILTA News Plus to members. This publication, sent on weeks that ILTA News is not published, aggregates industry and member news.

Read the Current Issue

2024 Newsletters

MayAprilMarch, FebruaryJanuary

2023 Newsletters



Not a member? Join ILTA today and stay up-to-date withILTA News and ILTA News Plus.
Michael Stroud
/ Categories: ILTA News Articles

TSA Revises Cybersecurity Directive for Pipelines

The U.S. Department of Homeland Security's Transportation Security Administration (TSA) continues its mission of increasing cybersecurity for various modes of transportation. In 2022, TSA issued directives focused on different parts of the transportation industry. In May and July 2022, the Transportation Security Administration (TSA) issued two Security Directives for Pipelines, generally referred to as SD02B and SD02C. The goal of these directives is to prescribe efforts that owners and operators of hazardous liquid and natural gas pipelines or liquified natural gas (LNG) facilities need to implement to improve cybersecurity awareness, reporting, and preparedness.

Additionally, SD02C requires the actual implementation of cybersecurity recommendations. Specifically, TSA requires certain covered facility owners and operators to develop and submit TSA-approved Cybersecurity Implementation Plan (CIP), establish a cyber incident response plan, and implement a cybersecurity assessment program, requiring annual plan submission for maintaining the effectiveness of the cybersecurity program. 

SD02C contains a strict schedule for compliance – 90 days to file the CIP for TSA approval. The CIPs were due on October 25. In addition to having the CIP approved by TSA, the new SD02C requires TSA to inspect the impacted facilities to assess compliance with the approved CIP. TSA requires impacted facilities to submit their homework, and TSA will check it for accuracy and completeness. Finally, once the CIP is approved by TSA, the impacted owners and operators must develop and submit a Cybersecurity Assessment Program (CAP) to TSA no later than 60 days from the date TSA approves the CIP. The CAP is intended to ensure that the CIP is routinely evaluated and updated.

ILTA's cybersecurity working group is prepared to develop comments on the anticipated forthcoming cybersecurity rulemaking from TSA, which will likely incorporate SD02C and any relevant aspects of SD02B.

Previous Article Rail Worker Strike Threat Lingers
Next Article ILTA Group Reviews OSHA Efforts on Process Safety Management Program
463 Rate this article:
No rating
Please login or register to post comments.