Security Directive Pipeline 2021-1
On May 28, 2021, the U.S. Department of Homeland Security (DHS) - Transportation Security Administration (TSA) issued Security Directive 2021-1 specifically for pipeline operations.
Pipeline infrastructure is vital to economic and national security. Composed of thousands of companies and nearly three million miles of pipelines for transporting oil, natural gas, and other commodities, pipeline owners and operators are increasingly relying on integrated and secure information technology (IT) and operational technology (OT) solutions.
Since 1989, RoviSys has worked with oil & gas customers to implement solutions that protect critical pipeline systems from evolving and emerging risks. Our formalized and focused team of SME’s includes experts in Business IT, Industrial IT/OT, and Oil & Gas process. We deliver the unique perspective and experience necessary to drive solutions that actually improve cyber security - from a true business case perspective that delivers the right solution for every situation.
Services & Consultation
- OT Audits, Assessments, and Gap Analysis
- Cybersecurity, Infrastructure, Disaster Recovery, etc.
- Audit/assess against existing internal policies/procedures
- Utilize well-adopted standards (i.e., IEC 62443, NIST, DHS)
- OT Vulnerability and Risk Remediation
- Future-State Road-Mapping
- OT Design and Implementation Services
- SCADA Assessments
- Remote Access
- Communication Mapping
- User Access
- Process Control System (PCS) and Distributed Control System (DCS) Cybersecurity Assessments
- OT Disaster Recovery & Business Continuity
- OT Policies and Procedures and Governance
- OT Cybersecurity
- Merger & Acquisition - Assessments/Gap Analysis
- OT Support and Responsibility Matrices
- OT Threat & Anomaly Detection, Monitoring, Baselining
Pipeline Operator Guidance
Security Directive Pipeline 2021-1 gives guidance to pipeline operators in three key areas:
- Owners and operators of pipeline operations must report security incidents to the Cybersecurity and Infrastructure Security Agency (CISA).
- A cybersecurity coordinator must be assigned and available 24/7 to coordinate security practices, meet specific requirements outlined in the directive and react when incidents occur.
- Oil and gas facilities must assess their current cybersecurity practices and activities to address cyber risks against the TSA's 2018 Pipeline Security Guidelines, identify gaps between their current cybersecurity practices and those listed in the guidelines, and develop remediation plans to fill those gaps.