July 5, 2023
September 11, 2023

Understanding the Revised TSA Regulations: From SD-02C to SD-02D

The Transportation Security Administration (TSA) unveiled its latest revision to the Security Directive (SD) concerning pipeline cybersecurity on July 26, 2023, marking a pivotal transition from SD-Pipeline-2021-02C to the SD-Pipeline-2021-02D. This article aims to provide a succinct breakdown of the key changes and implications for the owner/operators of TSA-designated hazardous liquid and natural gas pipelines or liquefied natural gas facilities.


The SD series addresses the cybersecurity mitigation actions, contingency planning, and testing for pipelines. The newly released SD-Pipeline-2021-02D (available at https://www.tsa.gov/sites/default/files/tsa-sd-pipeline-2021-02d-w-memo_07_27_2023.pdf) continues the series and supersedes its predecessor, SD-Pipeline-2021-02C. This directive mandates that owner/operators bolster their cyber resilience through the adoption of a TSA-approved Cybersecurity Implementation Plan (CIP).

Key Revisions to the Security Directive

Outlined below are the significant changes introduced in SD-Pipeline-2021-02D:

1. Re-evaluation of Critical Cyber Systems (Section II.A.3): Owner/operators that don't currently possess Critical Cyber Systems need to reassess their systems, particularly if there's a change in their operational methods. Any such changes warrant notification to the TSA, followed by compliance with the SD's protective measures for these systems.

2. Amending the CIP (Section II.B.3): A new provision emphasizes that if there's a need to update the CIP due to SD revisions, owner/operators must follow the amendment procedures detailed in Section VI.

3. Removal of Alternative Measures (Section II.B.4): This entire section has been omitted from SD-Pipeline-2021-02D, as all critical owner/operators' CIPs have received TSA approval.

4. Inclusion of Additional Critical Cyber Systems (Section III.A): Post-consultation, the TSA might inform an owner/operator to include other critical systems, which weren't previously identified in their CIP.

5. Revised Cybersecurity Incident Response Plan (CIRP) Requirements (Section III.F.1.e): There are new mandates for the CIRP exercises, which include:

    - Annual testing of at least two CIRP objectives.

    - The compulsory inclusion of designated employees in CIRP exercises.

6. Cybersecurity Assessment Program Revamp (Section III.G): This section is renamed from "Program" to "Plan" (Cybersecurity Assessment Plan, CAP) and introduces:

    - An obligation to submit an annual CAP update for TSA's review and approval.

    - A structured CAP schedule for the periodic evaluation of specific cybersecurity actions.

    - The introduction of an annual CAP report that should be presented to the TSA.

7. Explicit Inclusion of Previous Assessments (Section IV.A): Earlier plans, evaluations, and tests that adhered to the SD's requirements now need to be explicitly incorporated into the CIP.

8. Document Submission Protocols (Section V.C): Owner/operators are now mandated to submit documents in a manner dictated by the TSA, offering flexibility for future capabilities.

The shift from SD-02C to SD-02D marks a deliberate and strategic effort by the TSA to bolster the cybersecurity landscape of the pipeline industry. With an ever-evolving digital threat horizon, these revisions are instrumental in ensuring that the nation's critical infrastructure remains resilient, robust, and ahead of potential threats.

BlastShield: Your Ultimate Solution to TSA's Cybersecurity Directives

Pipeline owner/operators are advised to familiarize themselves with these revisions meticulously and ensure compliance, enhancing not just their operational integrity but also contributing to the broader national security paradigm. Unplanned downtime due to cyber attacks doesn't just dent operational productivity, but also poses significant financial and reputational risks. With the TSA's revamped cybersecurity directive, born from the lessons of the Colonial Pipeline event, companies face the dual challenge of fortifying defenses and meeting stringent regulations.

Enter BlastShield: a comprehensive cybersecurity solution offering a streamlined approach to meeting TSA's critical directives. Let's delve deeper into how BlastShield can seamlessly integrate with and elevate your existing cybersecurity infrastructure.

1. Network Segmentation - Keeping Threats At Bay

BlastShield addresses the most common challenge faced by companies today: the prohibitive costs of implementing and maintaining firewalls. Serving as a distributed firewall, BlastShield enforces network segmentation to contain and isolate threats. Should malware infiltrate one part of your OT environment, its spread is drastically restricted, thereby reducing potential damage. 

Consider a scenario where a breach could lead to a $40 million catastrophe; BlastShield's unique segmentation method can confine the breach to a single compressor station, minimizing the fallout. The result? Faster remediation, reduced downtime, and enhanced security. All this while seamlessly achieving TSA compliance.

2. Fortifying Remote Access Points

The advent of remote working, driven by the Covid-19 pandemic, has made the security of remote access points non-negotiable. As traditional VPNs, once seen as the solution, now become potential vulnerabilities, BlastShield provides a robust defense strategy. With the integrated BlastWave offering, stringent access controls and advanced authentication protocols ensure only authorized personnel can access your network, significantly mitigating potential threats and ensuring continuous operations.

3. Ensuring Legacy Systems Aren't Your Achilles' Heel Through Network Cloaking

Legacy systems, often seen as vulnerable touchpoints, can be fortified with BlastShield's innovative cloaking mechanism. Instead of resorting to the conventional methods of adding more firewalls or disconnecting these systems entirely, BlastShield obscures their visibility. This cloaking mechanism ensures that systems are not scannable or reachable until after stringent authentication checks, thereby significantly reducing the risk of attacks and ensuring compliance with TSA directives.

The BlastShield Advantage: Optimal Savings & Unmatched Security

Besides the superior cybersecurity it provides, BlastShield brings tangible cost benefits:

- Sidestep the need for high-priced expert resources.

- Drastically cut down on travel and related expenses by offering secure remote access for specialists.

- Benefit from reduced insurance premiums owing to minimized risks and enhanced compliance.

With up to 70% cost savings, BlastShield doesn't just promise unparalleled cybersecurity but also fiscal efficiency.

The Verdict

Your next strategic move in the ever-evolving cybersecurity landscape is clear: BlastShield. Embark on a free trial journey and witness the groundbreaking preventative measures BlastShield brings to the table. 

Start your free trial today: https://www.blastwave.com/free-trial

With network cloaking capabilities, your operations become almost invisible to threats, both from within and outside. In the battle against cyber threats, fortify your defenses with BlastShield and ensure operational continuity, efficiency, and robust cybersecurity.
