The new TSA cyber security requirements developed based on the Colonial Pipeline event will require timely identification and notification of cyberattacks. There have been more than 50 control system cyber incidents in natural gas and liquid pipeline systems yet only the Colonial Pipeline incident has been identified as being a cyber incident (cyberattack). Detecting cyberattacks against IT and OT can be done today. However, the same cannot be said for detecting control system cyber incidents (attacks and unintentional incidents) that occur with cyber insecure field devices. There is a need to continue existing cyber security training for IT and OT network operators but to extend the training to include real cases. Cyber security training is needed to be developed based on real cases for engineering and operations personnel to recognize network cyber incidents and system/equipment malfunctions that could be cyber-related. There is also a need for government and industry to coordinate the myriad standards and governmental activities on critical infrastructure cyber security to assure there are no inconsistencies. TSA cyber security requirements are still not addressing control system-unique issues
