Name: TSA Pipeline Security Directive: What’s New and Recommendations
Start: 2022-09-08T15:00:00Z
End: 2022-09-08T15:00:58.000Z
Location: BrightTALK
Rating: 5

Xage Security is a global leader in zero trust access and protection on a mission to pioneer a secure tomorrow. Control access and prevent attacks in the cloud, in the data center, at the remote operational edge anywhere on Earth, and even in orbit with the Xage Fabric Platform. Xage is easy to manage and can be deployed in a day, giving users easy and secure access to the assets they need from anywhere, while preventing advanced adversaries and insider threats at every stage of the attack chain. Learn why organizations like the U.S. Space Force, PETRONAS, and Kinder Morgan choose Xage at xage.com.

Operational Technology (OT) environments are surrounded by mystery—and misinformation. From aging infrastructure to vendor-specific systems and limited visibility, many organizations rely on outdated assumptions to guide their security strategy. In this mythbusting webinar, we’ll rip the mask off three of the biggest misconceptions that could be putting your industrial operations at risk.

We'll expose:

Myth #1: “Connecting OT means compromising it”
For years, organizations have kept OT networks air-gapped, believing connection equals exposure. But in today’s digital-first world, disconnection is the real risk. If you’re still operating under the “never connect” mindset, you’re not just behind—you’re vulnerable.
Myth #2: "Patching is enough to stay protected"
It’s time to move beyond the patch-or-perish narrative. OT systems can’t always be patched on demand—sometimes, they can’t be patched at all. But that doesn’t mean you're out of options. 
Myth #3: "Seeing is securing”
Discovery & visibility tools give you insight, but they don’t enforce policy, block access, or contain breaches. Real protection comes from layered defense that starts where visibility stops.


Through tangible strategies and hands-on examples, Roman Arutyunov (Co-founder and SVP of Product), Victor Chang (Field CISO), and Chris Cone (Senior Solutions Architect) of Xage Security will bust these myths wide open, providing a clear, actionable roadmap to securing OT environments. Whether you’re in energy, manufacturing, utilities, or other critical industries, you’ll leave with practical insights and modern solutions to protect what matters most—without downtime or drama.

The OT Cybersecurity Illusion: Breaking Down the Biggest Myths

Artificial Intelligence is transforming industries, but its adoption brings risks that demand security that can keep up. In this webinar, Xage co-founders Roman Arutyunov and Susanto Irwan will examine the evolving AI threat landscape through real-world scenarios.
They’ll address critical questions on preventing rogue AI, securing sensitive data, enforcing guardrails on employee interactions, and protecting both digital and physical infrastructures. With practical examples and a demo, the speakers will demonstrate how Xage’s Zero Trust Fabric delivers identity-driven protection across agents, data, workloads, and infrastructure.

This session will equip CIOs, CISOs, Heads of AI, and technology leaders with a clear path to adopt AI confidently—driving innovation while maintaining control, compliance, and resilience.

AI Unleashed, Risk Contained: Securing Enterprise AI with Zero Trust

As cyber threats targeting critical infrastructure continue to intensify, utilities across North America are under mounting pressure to comply with a sweeping set of updates to the NERC Critical Infrastructure Protection (CIP) standards. With new enforcement timelines for CIP-003-9, CIP-005-7, CIP-010-4, and CIP-013-2 on the horizon, even Low Impact assets must now adhere to stricter access controls, audit logging, and vendor management practices.

This expert panel will unpack the key implications of these regulatory changes—who’s affected, what’s required, and how utilities can respond effectively. Join industry leaders as they explore strategies for how organizations not only meet evolving compliance mandates, but also strengthen their overall cybersecurity posture.

Whether you're just beginning your CIP readiness journey or refining an established program, this discussion will equip you with actionable strategies to secure the grid in 2025 and beyond.

Securing the Grid: Meeting the Evolving NERC CIP Standards

As industrial modernization accelerates, operational technology (OT) assets are increasingly coming online, creating new security challenges. How can organizations protect these critical systems while ensuring seamless IT and OT convergence? 

Join Xage Security’s Vishal Gupta and Darktrace’s Dr. Oakley Cox as they explore drivers and key security challenges of OT/IT convergence, as well as risk mitigation controls that organizations should put into place to keep pace with industrial modernization.

Securing Industrial Modernization: Managing OT-IT Convergence Risks

Compromised privileged accounts are key attack vectors on oil and gas operators as well as across other industries including global titans like Change Healthcare, Microsoft, and many others. Year over year account security and privilege management continue to be the biggest opportunity for attack prevention. However the risk is multiplied in oil and gas organizations with globally distributed operations, many remote locations with legacy operational technology, and other factors that contribute to account management complexity. This session will discuss real world account and access management challenges we’ve seen with critical infrastructure operators, and how to solve them, including:

Third-party access challenges – The need to enable and control the access of employees, contractors, and servicers
Insecure credentials – The need to reduce attack surface created by static or insecure OT credentials and lack of MFA
Monitoring and auditing visibility – The need to see which accounts were accessing which assets, and what they did.

Stale Privileged Accounts Are A Ticking Time Bomb

With a deadline on the horizon, CMMC 2.0 implementation is top of mind. Unfortunately it’s not as simple as following a recipe—the path to success varies widely based on the specifics of your organization and environment. Are you team Microsoft or team Google? What’s your technology ecosystem? In this webinar featuring Matt Koehr, President of Xage Government, and moderated by Carol Caley, PMM at Xage Security, we’ll discuss the requirements of CMMC and dig into how getting it right varies depending on your systems and setup.

Infinite Paths to Achieving CMMC 2.0 Success

When cyberattacks and security incidents in the news start affecting stock prices, and new SEC rules mean executives can be held personally accountable for cybersecurity failures, the board is bound to come knocking on the CISO’s door. 

Join a fireside chat with Victor Chang, a longtime CISO and advisor to many company boards, and Mathieu Gorge, Founder at Vigitrust and Author of The Cyber Elephant in the Boardroom. Victor and Mathieu will discuss how both sides of the table, from CISO to Board Chair, can ask the right questions and collaborate effectively to assure the security of their companies in a high stakes, increasingly complex situation.

The panel:
Guest Speaker: Mathieu Gorge | Founder & CEO of Vigitrust, Author of The Cyber Elephant in the Boardroom
Victor Chang | Head of IT, Compliance and Enterprise Security at Xage Security
Chase Snyder | Senior PMM at Xage Security

Cyber Risk & The Board of Directors: CISO Topics and Strategies to Level Up your "Board" Game

Privilege Access Management (PAM) provides a critical enterprise security control to mitigate the catastrophic risk associated with privileged users. While many enterprises are looking for a  PAM solution, existing PAM approaches struggle to find all privileged accounts, define access and policies, and provide broad coverage. These approaches are incomplete – leaving large chunks of the enterprise attack surface at risk. This webinar will dive into those challenges, and explore how Xage’s modern approach to Extended PAM enables protection from day one, while making it easy to discover privileges and enforce access.

Ditch Legacy PAM: How Xage Is Changing the Rules of Privileged Access

Discover why traditional VPNs, once a cornerstone of cybersecurity, now pose significant risks, including several recently zero-day exploits. An urgent shift towards zero trust security frameworks is underway, as enterprises seek safer alternatives for remote access, especially those with legacy systems.

Watch this webinar with Dr. Chase Cunningham (known as Dr. Zero Trust) and Roman Arutyunov, co-founder of Xage Security for a discussion on critical features to look for in VPN replacement, including extended use cases that enhance productivity, security, and cost efficiency. Whether you're an IT expert or a business leader, this webinar will provide valuable insights and a path forward when navigating away from VPN dependencies towards a more secure future.

Is My VPN Trying to Kill Me?

As the deadline for NIS2 compliance across the EU rapidly approaches, organizations are moving to update their security posture to comply before the mandates go into effect in October 2024. This Live Session Replay will provide a summary of NIS2 Compliance Requirements and how to achieve compliance, with special emphasis on how Xage Security supports the requirements, including:
Identity and access management and multi-factor authentication
Architecture and deployment of security measures
Compliance and incident response
Zero Trust Remote Access

NIS2 Compliance - an Identity-based Approach

SANs ICS Summit Session: Listen now to hear experts with decades of OT/ICS security experience discuss:

-Hidden challenges in managing identity, credentials, and access in ICS/OT
-How to improve user experience and security by orchestrating identity across OT, IT, and Cloud 
-How to achieve Defensible Architecture and other SANS ICS Critical Cybersecurity Controls

Identity Crisis: Solving the Access Management Challenge in OT and ICS

Xage Security joins Takepoint Research to discuss emerging trends in the industrial sector based on survey results from over 250 cybersecurity decision makers. This webinar covers topics including zero trust adoption across industries, differing priorities across job titles, and challenges with IT/OT convergence. Jonathan and Sri discuss emerging trends, pinpoint potential hurdles, and forecast future developments in the integration of zero trust strategies within the complex ecosystem of operational technology and industrial control systems.

State of Zero Trust in The Industrial Enterprise

Join Michael to hear why a layered security ecosystem is the only way. The core tactics of ransomware haven’t changed, but the scale of attacks, and the size of demands, has grown. What will it take to stop this scourge on modern enterprises? 
How is ransomware like an angry bear? Michael will review topics such as: 
-Valid credentials and compromised identities power every stage of the ransomware playbook, and actionable steps to block attackers at each layer. We’ll discuss:
-A close look at common ransomware initial access and lateral movement tactics that still work even though they haven’t changed for years, and how to finally stop them.
-The biggest security gaps that let ransomware in the door, and how to plug them for good with a layered ecosystem of detection and prevention approaches.
-Residual Risk: Why 80% of security leaders have been surprised by attack tactics they thought they had controls in place for, and how to stop getting caught off guard.
-How to stay proactive against ransomware, even if you think it is already inside your walls.

How To Not Get Mauled By A Bear. Can Ransomware Be Stopped?

Part 1: Micro and Macroeconomic Conditions Driving Booming M&A in Oil and Gas - Why there are so many and the unforeseen IT and cyber challenges that come with them

The Surge of M&A in Oil & Gas: Economic Drivers & the Hidden IT Cyber Challenges

Like the velociraptors in Jurassic Park, cyberattackers always find a way. As defenders tighten their controls, attackers open new fronts, change their attack tactics, and choose their targets to maximize profit and disruption. This webcast will discuss changes in cyberattack tactics, and how defenders can adapt:

- The increase in software supply chain attacks, plus massive growth in vulnerability exploitation as revealed in Verizon DBIR 2024.

- The state of stolen credentials as an attack vector. MFA bypass, MFA fatigue, and more.

- How AI is going to change the cyberattack landscape, and how to get ahead of it.


Join us live. We’ll take questions from the audience throughout, so you can drive the discussion too.

Exploits Up! Shifting Cyberattack Tactics Require New Defense Strategies

Zero Trust Network Access (ZTNA) has been growing in popularity for several years. Recently, we saw demand skyrocket with the disclosure of several vulnerabilities in popular VPN providers. While ZTNA is a more secure solution, there are still some concerns that traditional ZTNA may expose assets to threats, serving as a pivot point for lateral movement. It’s critical that organizations implement not just ZTNA, but asset protection as well. Attendees will gain an understanding of how zero trust principles interlace with asset protection concepts, and what to look for in technology offerings promising these capabilities.

Achieving Universal Zero Trust Access and Critical Asset Protection

In today’s interconnected business landscape, not only is third-party access to your systems inevitable—it's a strategic necessity. However, this access also represents one of the largest and least defended attack surfaces within any organization.
 
Join us to hear directly from industry leaders Mark and Cassie from Carolina Ports Authority and Schneider Electric, respectively, on how they are proactively defending their networks from third-party, contractor, and vendor access risks, as well as software supply chain vulnerabilities and back doors, to maintain integrity and trust in their highly interconnected operational environments.
 
What you’ll learn:
-How to Identify Risks: Understand how third parties and supply chain actors gain both overt and covert access to your systems, and the risks this entails.
-Strategic Advantages: Learn how to leverage controlled third-party access for operational efficiency without compromising security.
-Risk Management Steps: Gain actionable insights on creating and managing secure third-party and supply chain accounts quickly and efficiently.

Mitigating Third-Party Access Risks: Strategies from Experts

Xage CEO Geoffrey Mattson joins ARC Advisory Group at their annual conference to discuss challenges faced by industrial enterprises and how Xage can help. In this video, Geoff provides a company and product overview, including how Xage can help organizations improve their security posture and help address challenges associated with regulation, risk reduction, the pursuit of OT/IT convergence, and pricing justification.

ARC Advisory Group Executive Interview with Xage CEO Geoffrey Mattson

To combat the increasing number of cyber attacks targeted at critical infrastructure, the Department of Homeland Security's Transportation Security Administration (TSA) has issued three security directives in 2021-22 to increase security posture of owners and operators of gas and liquid pipelines in the USA. TSA’s third directive (Security Directive Pipeline-2021-02C) is effective as of July 27, 2022 and supersedes TSA’s second Pipeline Security Directive published in July 2021. 

The reissued security directive takes a performance-based approach to enhancing security, allowing operators to leverage new technologies and be more adaptive to changing environments. It’s a misconception that it has looser regulations. Rather, TSA is providing more flexibility to implement the requirements and achieve the ultimate objective of cyber hardening the critical Operational Technology (OT) and IT systems. 

Join HCL Technologies and Xage experts - Amit Pawar, Head of Consulting and Services at Xage Security, Neelakarun Asari, Global Head of Solutions & Services for Security of Things at HCL Technologies, and Roman Arutyunov, Co-founder and Head of Product at Xage Security, to learn more about what’s new in the revised TSA security directive as well as recommendations to comply with the TSA’s cybersecurity requirements.

TSA Pipeline Security Directive: What’s New and Recommendations

Cyber Security

Zero Trust Access

Multi-Factor Authentication

Identity Management

Access Management

Zero Trust

Security

Infrastructure

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

Information Technology

The energy community on BrightTALK brings together top experts from around the world. Find relevant webinars and videos on renewable energy, efficiency and more presented by recognized energy management thought leaders. Join the conversation by participating in live webinars and round table discussions on energy trends.

Energy

The research and development community on BrightTALK brings together leading professionals in healthcare, technology and manufacturing to present on current topics in their fields. From big data in healthcare to online forensics training and medical research practices, the community is an exceptional resource for those looking to expand their knowledge. Be part of the conversation by joining the community and participating in interactive live webinars.

TSA Pipeline Security Directive: What’s New and Recommendations

Presented by

About this talk

Xage Security