Complying with the TSA Cybersecurity Directives for Critical Infrastructure

To combat the increasing number of cyberattacks targeted at critical infrastructure, the Department of Homeland Security's Transportation Security Administration (TSA) issued several security directives in 2021-22. The first TSA Security Directive, SD02C, aims to increase the security posture of the owners and operators of US-based gas and liquid pipelines. The other TSA Security Directive (SD 1582-21-01) focuses on improving cybersecurity for passenger and freight railroad carriers. The guidance contained in the directives overlaps almost entirely, but the applicable organizations are different and there are slight differences throughout the documents.

This paper will provide a brief introduction of each Security Directive separately, followed by a detailed walkthrough of the guidance with callouts for industry-specific differences.