Dragos offers a succinct overview of the recently updated TSA Pipeline Security Guidelines. The updates are highlighted among four categories: creation of the Cybersecurity Coordinator role; asset management and criticality; cyber risk, vulnerability, and gap assessments; incident response and reporting. Based on those categories and Dragos’ own experience helping countless industrial organizations, it offers four questions to use in assessing your organization’s maturity and determining a roadmap forward to greater infrastructure resilience:

1. How mature are we, and how mature do we want to be?
2. What threats do we face, and what real-world events have taken place?
3. Can we respond to a really bad day?
4. Do we have Asset Visibility in our OT environment?

There is great value in following or referencing guidance for other critical infrastructure sectors (e.g., electricity, oil & gas, etc.) especially when we don’t have to. Cyber mature utilities can find validation in knowing their strategies are in line with standard guidance, while less resourced utilities gain a better understanding of the requirements and where to focus their limited resources.  Read more at Dragos.