The Transportation Safety Administration released a Security Directive on Enhancing Pipeline Cybersecurity. The directive follows largely ineffective, voluntary pipeline security guidelines established by the TSA in 2010 and updated in 2018. Pipeline companies must report cybersecurity incidents to DHS’s Cybersecurity and Infrastructure Security Agency no later than 12 hours after a cybersecurity incident is identified. Some oil and gas companies greeted the directive with skepticism, saying the administration pushed the directive out the door to generate a message of swift action in the wake of the Colonial Pipeline attack. Experts say the directive is long overdue but is only just the start toward more robust pipeline security requirements.”]