Cybersecurity Vulnerability & Gap Assessment
for TSA Regulated Pipeline Operators
In accordance with the Transportation Security Administration (TSA) Security Directive-2021-01, operators of hazardous liquid and natural gas pipelines or LNG facilities are required to perform a vulnerability assessment and gap assessment against section 7 of the TSA 2018 Pipeline Security Guidelines and submit a form summarizing the results of the assessment.
Section 7 of the TSA Security Guidelines requires a Cybersecurity Vulnerability & Gap Assessment as a precursor to a Cybersecurity Risk Assessment that aligns with ISA/IEC 62443-3-2.
aeSolutions’ Cybersecurity Vulnerability & Gap Assessment for TSA Regulated Pipeline Operators is a comprehensive third-party cybersecurity assessment of the pipeline’s compliance to the cybersecurity measures identified in Section 7 of the TSA Pipeline Security Guidelines. This service will provide the pipeline operator with a vulnerability register, the necessary information to complete the TSA assessment form, an initial ICS software and hardware asset inventory list, and recommendations to mitigate each vulnerability and gap identified through the process. It also includes an onsite survey to examine and evaluate existing facility cybersecurity measures, procedures, and operations.
The following deliverables are provided:
• Summary report
• Vulnerability register
• Preliminary software and hardware asset inventory
• Overview zone & conduit diagram
• Populated TSA assessment form (with remediation measures and timelines where available)
• Vulnerability and gap remediation recommendations
Why use aeCyberSolutions?
Identifying the gaps and the common remediation solutions can be a time consuming tasks that many companies do not have the bandwidth and/or knowledge to address with their current staff.
Our team has a strong existing knowledge of cybersecurity directives, regulations, and standards as well as being well-versed in midstream operations and SCADA systems
IT and Industrial (OT) cybersecurity know-how
aeSolutions uses a proven methodology and tools for conducting ICS cybersecurity vulnerability and gap assessments
These assessments can be used as fundamental starting point for a risk-based industrial cybersecurity program
Contact us to learn how we can help you review your current practices to identify gaps and related remediation measures, to address cyber-related risks, and assist you in reporting those results in the TSA form.