Skip to Main Content
Services Talent Knowledge
Site Search


Our attorneys stay on top of changes in legislation, agency regulations, case law, and industry trends—then craft timely legal alerts to keep clients up to date on legal developments important to their business.

May 28, 2021

DHS Issues Security Directive for Pipelines

In an early sign of the ripple effect President Biden’s recent executive order will have on the nation’s energy industry, the Department of Homeland Security’s (DHS’s) Transportation Security Administration (TSA) announced on May 27, 2021, a security directive that will enable DHS to better “identify, protect against, and respond to threats to critical companies in the pipeline sector.”

The directive requires critical pipelines to report confirmed and potential cybersecurity incidents to the DHS’s Cybersecurity and Infrastructure Security Agency (CISA). It also requires them to designate a cybersecurity coordinator, who must be available 24/7. And most importantly, the directive imposes a 30-day deadline by which critical pipelines must review their current practices, identify any gaps and remediation measures to address them, and report the results to TSA and CISA.

The directive comes on the heels of the May 10 ransomware attack on Colonial Pipeline, which reportedly carries 45 percent of the East Coast’s fuel supplies, and President Biden’s May 12 Executive Order on Improving the Nation’s Cybersecurity. The directive highlights CISA’s central role as the “national cyber defense center.” (Colonial Pipeline did not initially report the ransomware attack to CISA; only after the FBI began its investigation was CISA notified.)

Critical pipelines will be hard at work to assess and augment their cyber safeguards within the security directive’s 30-day deadline. And they may need to do so without further guidance from TSA, which is considering, but has not yet imposed, mandatory cybersecurity measures on the pipeline industry. As for what those measures will be, look for TSA to draw on frameworks set out by the president’s executive order, the National Institute of Standards and Technology (NIST), and the Pipeline and Hazardous Materials Safety Administration. And expect the government’s compliance review to be rigorous.

Barclay Damon’s attorneys team across office and practices to provide their clients with customized, targeted solutions. If you have any questions about the DHS’s security directive or how best to comply, please contact Nick DiCesare or Kevin Szczepanski, co-team leaders of the Cybersecurity Team, at and, respectively; Richard Capozza, leader of the Energy and Electric Power Teams and co-leader of the Oil & Gas, Renewable Energy, and Linear Infrastructure Teams, at; or Yvonne Hennessey, co-team leader of the Oil & Gas, Linear Infrastructure, and Energy Markets Teams, at


Click here to sign up for alerts, blog posts, and firm news.

Featured Media


Affidavits Lacking Personal Knowledge and Attaching Uncertified Records Have No Probative Value


Website Accessibility Lawsuits: Several New "Tester" Plaintiffs—Jovan Campbell, Kimberly Miller, Nadreca Reid, and Jahron Black—Targeting Businesses in Recent Flurry of Federal Court Litigation


NYS Public Service Commission Modifies Energy Storage Solicitations


Second Circuit Dismisses Bad Faith Claim as Time-Barred "Loss" Under Property Insurance Policy


New York Executive Law 135-c: Electronic Notarization


Website Accessibility Lawsuits: Several New "Tester" Plaintiffs—Christopher Walters, Denise Crumwell, Braulio Thorne, and Linda Slade—Targeting Businesses in Recent Flurry of State and Federal Court Litigation

This site uses cookies to give you the best experience possible on our site and in some cases direct advertisements to you based upon your use of our site.

By clicking [I agree], you are agreeing to our use of cookies. For information on what cookies we use and how to manage our use of cookies, please visit our Privacy Statement.

I AgreeOpt-Out