* Meg Heyse is a 2021 summer associate at Troutman Pepper. She is not admitted to practice law.
In April 2021, the Department of Energy (DOE) launched a 100-day initiative to strengthen cybersecurity protections in the energy sector. Just one month later, the Transportation Security Administration (TSA), an agency under the purview of the Department of Homeland Security (DHS), issued Security Directive Pipeline 2021-1 (Security Directive or Directive) to implement — for the first time — mandatory requirements for certain pipeline operators with respect to cybersecurity. The Security Directive became effective the day it was issued on May 28, 2021. Although the Security Directive was issued in final, TSA is accepting public comments on the Directive and has indicated that it may amend the Directive based on those comments.
The Security Directive mandates that owners and operators of “critical” hazardous liquid and natural gas pipeline infrastructure comply with certain portions of the DOE’s April 2021 initiative. As defined by the Directive, “critical” pipeline facilities are those that have been previously identified by the TSA as critical pursuant to the Implementing Recommendations of the 9/11 Commission Act of 2007 and as outlined in TSA’s pipeline security guidelines. For these owners and operators, the Directive has three broad mandates. Continue Reading Mandatory Homeland Security Cybersecurity Directive