Best Practices: How to Prepare for Your TSA Security Directive
Prepare for Your TSA Security Directive Deadline 10.27.22
The new requirements were issued through Security Directive Pipeline-2021-02C on July 27, 2022. We break down the new directive for you here.
Pipeline owners and operators in the scope of the latest security directive have 90 days to develop and submit their Cybersecurity Implementation Plan for review and approval. This means that after October 27, 2022, those who haven’t created or adapted a detailed plan that covers critical cyber systems identification, network segmentation and access control measures, continuous monitoring, and patch management will be subject to fines.
The new approach supersedes previous directives and includes the following three core requirements:
- Establish and implement a TSA-approved Cybersecurity Implementation Plan that describes the specific cybersecurity measures employed and the schedule for achieving the outcomes described in Section III.A. through III.E of the directive.
- Develop and maintain an up-to-date Cybersecurity Incident Response Plan to reduce the risk of operational disruption, or the risk of other significant impacts on necessary capacity, as defined in the directive, should the Information and/or Operational Technology systems of a gas or liquid pipeline be affected by a cybersecurity incident (Section III.F. of the directive).
- Establish a Cybersecurity Assessment Program and submit an annual plan that describes how the Owner/Operator will proactively and regularly assess the effectiveness of cybersecurity measures and identify and resolve device, network, and/or system vulnerabilities (Section III.G. of the directive).
How to Best Comply with the Directives: Network Modeling
The new Security Directive details the following list of documentation to establish compliance:
- Hardware/software asset inventory that includes the SCADA environment
- Firewall rulesets and filtering policies
- Network diagram, including switch and router configurations
- Documents that informed the development and implementation of the Cybersecurity Implementation Plan, the Cybersecurity Incident Response Plan, and the Cybersecurity Assessment Program
- Snapshot activity data, including log files and up to 24 hours of network traffic capture
It’s recommended that pipeline security and compliance teams use this list as a starting point and work backward to assess the gap between the information they currently have available and the deliverables TSA expects.
The fastest way to produce accurate network diagrams and comprehensive firewall rulesets and filtering policies under such a tight deadline is to use network modeling technology.
Network modeling – or dynamic network representation – means proactively understanding which assets can connect to which services by building a model of the network using the configurations of OT firewall and router devices. It provides accurate, instant visibility of the network architecture and enables risk assessment without having to deploy any sensor or agent in the environment.
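A minimal sketch of that idea, added here as an illustration and not Network Perception's or NP-View's code: it evaluates a constructed, vendor-neutral ruleset with first-match semantics to list the permitted IT-to-OT paths and the rules that can never fire. The rule format, addresses, and zone boundaries are assumptions.

```python
import ipaddress

# Constructed, vendor-neutral rules: (action, source CIDR, destination CIDR, protocol, port).
# Port 0 means "any port". Order matters: first match wins, implicit deny at the end.
RULES = [
    ("permit", "10.10.5.20/32", "192.168.50.10/32", "tcp", 502),   # historian -> PLC (Modbus)
    ("deny",   "10.10.0.0/16",  "192.168.50.0/24",  "tcp", 0),     # block remaining IT -> OT TCP
    ("permit", "10.10.0.0/16",  "192.168.50.0/24",  "tcp", 22),    # shadowed by the deny above
    ("permit", "0.0.0.0/0",     "192.168.60.5/32",  "tcp", 3389),  # any source -> OT jump host
]

ZONES = {"IT": "10.10.0.0/16", "OT": "192.168.0.0/16"}  # constructed zone boundaries


def decide(src, dst, proto, port, rules=RULES):
    """Return (action, rule_index) for one flow using first-match semantics."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for i, (action, rs, rd, rp, rport) in enumerate(rules):
        if (s in ipaddress.ip_network(rs) and d in ipaddress.ip_network(rd)
                and rp == proto and rport in (0, port)):
            return action, i
    return "deny", None  # implicit deny


def covers(a, b):
    """True if rule a matches every flow that rule b matches."""
    return (ipaddress.ip_network(b[1]).subnet_of(ipaddress.ip_network(a[1]))
            and ipaddress.ip_network(b[2]).subnet_of(ipaddress.ip_network(a[2]))
            and a[3] == b[3] and a[4] in (0, b[4]))


def shadowed_rules(rules=RULES):
    """Indexes of rules that can never fire because one earlier rule covers them."""
    return [j for j, r in enumerate(rules)
            if any(covers(rules[i], r) for i in range(j))]


def cross_zone_permits(src_zone, dst_zone, rules=RULES, zones=ZONES):
    """Live permit rules whose source overlaps src_zone and destination overlaps
    dst_zone. Rule-level and conservative: each hit is a path to document and justify."""
    sz, dz = ipaddress.ip_network(zones[src_zone]), ipaddress.ip_network(zones[dst_zone])
    dead = set(shadowed_rules(rules))
    return [i for i, (action, rs, rd, _, _) in enumerate(rules)
            if action == "permit" and i not in dead
            and ipaddress.ip_network(rs).overlaps(sz)
            and ipaddress.ip_network(rd).overlaps(dz)]
```

With this sample data, the any-source rule to the OT jump host shows up as an IT-to-OT path even though it was not written with the IT zone in mind, which is the kind of finding a segmentation review needs to surface.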
Need help? Contact Network Perception and let us help you with our network modeling capabilities to:
- Verify the correct implementation of network segmentation (III.B) and access control measures (III.C), including all external connections to the OT system.
- Ensure clear understanding of communication paths between IT and OT (III.F.1.b and III.F.1.d).
- Automatically generate a network architecture diagram (III.G.2.b) with a representation of logical zone boundaries and their criticality.
Network Perception proactively and continuously assures the security of critical OT assets with intuitive network segmentation verification and visualization.
Our platform takes essential auditing technology and makes it continuous for proactive OT network security that builds cyber resiliency. NP-View creates intuitive topological maps that serve as a GPS for both technical and non-technical users, providing a unified ruleset review and insight into how to ensure network security.
Threats don’t wait for an audit, and neither should you. With Network Perception, you know your risk now and always, and you protect your critical networks with:
- Network Visualization and Firewall Ruleset Software for visualizing and analyzing your network topology.
- Network Risk Assessment and Architecture Review to protect your business with network segmentation and cybersecurity solutions. Our accurate connectivity paths, vulnerability visualizations, and topology mapping help you identify and secure your cyber assets.
- Firewall Ruleset Representation and Policy Review for a detailed analysis and report of your network security configuration.
Read more in our Whitepaper.
If you have questions or would like to know more about the most recent TSA deadline, please contact the Network Perception team at: