The Transportation Security Administration has modified and extended by one year its cybersecurity mandate for owners and operators of oil and natural gas pipelines by one year.
The policy announced Thursday requires industry to develop a plan for the implementation of network segmentation, access control, continuous monitoring and patch management measures.
TSA also instructed pipeline companies to create a document on how they intend to respond to security incidents that may cause operational disruption or business degradation, as well as form a program to test the effectiveness of their cybersecurity practices.
“We recognize that every company is different, and we have developed an approach that accommodates that fact, supported by continuous monitoring and auditing to assess achievement of the needed cybersecurity outcomes,” TSA Administrator David Pekoske said.
The agency issued its first sector directive in May of last year in response to the Colonial Pipeline ransomware attack.