Since the Colonial Pipeline ransomware attack in May 2021, the regulatory environment in which critical pipeline owners and operators must navigate has been rocky, to say the least. The U.S. Transportation Security Administration (TSA) has issued several security directives after this ransomware event with prescriptive requirements and seemingly impossible to achieve implementation timeframes.
At Dragos, we find it encouraging that the most recent iteration issued by the TSA, Security Directive Pipeline-2021-02C (Pipeline-2021-02C), is the result of collaboration between business and government entities with the shared goal of resilient, continuously operating pipelines secure from cyber disruption. Further, this directive aligns with multiple operational technology (OT) standards such as the NIST Cybersecurity Framework, API 1164, and the ISA/IEC 62443 series. By bringing the security directive in line with a variety of OT standards, owners and operators can pull from a broader set of guidance, experience, and solutions to meet the updated security directive requirements.
To help pipeline owners and operators address the latest updates and requirements of Pipeline-2021-02C, we’ve developed an in-depth brief to provide information and actionable advice that includes:
- Review of TSA security directives post-Colonial Pipeline ransomware incident
- Challenges owners/operators faced with Pipeline-2021-02B
- Overview of the recently issued Pipeline-2021-02C
- Lessons learned from our experience evaluating OT system architecture
We also offer detailed information with guidance that shows the changes from Pipeline-2021-02B to Pipeline-2021-02C and our recommendations on adapting to them.
Ready to put your insights into action?
Take the next steps and contact our team today.