TSA revises pipeline cybersecurity directives at one-year mark, plans formal rulemaking

The Transportation Security Administration is renewing and revising two cybersecurity directives for pipeline operators issued after the 2021 Colonial Pipeline ransomware attack, lengthening the timeline for reporting cyber incidents in one of the orders, while promising a formal rulemaking process over the next year covering “pipelines and other surface transportation systems.”

“TSA also intends to issue a notice of proposed rulemaking within the next year that, if issued as a final rule, would – for the first time – permanently...