The security directive for pipeline owners and operators — released following the disruptive cyberattack that hit Colonial Pipeline in 2021 — requires them to implement measures to improve their defenses against cyberattacks.

The TSA updated the requirements in July 2022 to offer more flexibility in achieving the outlined goals. Exactly one year later, the agency has released another updated version with additional requirements.

“Earlier versions required the development of processes and cybersecurity implementation plans. This version requires that operators test and evaluate those plans,” said TSA administrator David Pekoske.