
Alert


May 28, 2021

DHS Issues Security Directive for Pipelines

In an early sign of the ripple effect President Biden’s recent executive order will have on the nation’s energy industry, the Department of Homeland Security’s (DHS’s) Transportation Security Administration (TSA) announced on May 27, 2021, a security directive that will enable DHS to better “identify, protect against, and respond to threats to critical companies in the pipeline sector.”

The directive requires critical pipelines to report confirmed and potential cybersecurity incidents to the DHS’s Cybersecurity and Infrastructure Security Agency (CISA). It also requires them to designate a cybersecurity coordinator, who must be available 24/7. And most importantly, the directive imposes a 30-day deadline by which critical pipelines must review their current practices, identify any gaps and remediation measures to address them, and report the results to TSA and CISA.

The directive comes on the heels of the May 10 ransomware attack on Colonial Pipeline, which reportedly carries 45 percent of the East Coast’s fuel supplies, and President Biden’s May 12 Executive Order on Improving the Nation’s Cybersecurity. The directive highlights CISA’s central role as the “national cyber defense center.” (Colonial Pipeline did not initially report the ransomware attack to CISA; only after the FBI began its investigation was CISA notified.)

Critical pipelines will be hard at work to assess and augment their cyber safeguards within the security directive’s 30-day deadline. And they may need to do so without further guidance from TSA, which is considering, but has not yet imposed, mandatory cybersecurity measures on the pipeline industry. As for what those measures will be, look for TSA to draw on frameworks set out by the president’s executive order, the National Institute of Standards and Technology (NIST), and the Pipeline and Hazardous Materials Safety Administration. And expect the government’s compliance review to be rigorous.

Barclay Damon’s attorneys team across offices and practices to provide their clients with customized, targeted solutions. If you have any questions about the DHS’s security directive or how best to comply, please contact Nick DiCesare or Kevin Szczepanski, co-team leaders of the Cybersecurity Team, at ndicesare@barclaydamon.com and kszczepanski@barclaydamon.com, respectively; Richard Capozza, leader of the Energy and Electric Power Teams and co-leader of the Oil & Gas, Renewable Energy, and Linear Infrastructure Teams, at rcapozza@barclaydamon.com; or Yvonne Hennessey, co-team leader of the Oil & Gas, Linear Infrastructure, and Energy Markets Teams, at yhennessey@barclaydamon.com.
