Louisiana is one of the most critical nodes in North American energy and chemical infrastructure. The Gulf Coast corridor from Baton Rouge through Lake Charles to the Gulf of Mexico hosts the largest concentration of LNG export capacity in the world, a dense petrochemical manufacturing base, multiple major refineries, and the pipeline interconnect infrastructure that ties US energy supply to global markets. The operational technology running this infrastructure, from LNG liquefaction control systems to DCS platforms managing continuous chemical manufacturing, represents some of the most consequential industrial control systems in North America.
TSA Pipeline Security Directives, issued following the 2021 Colonial Pipeline incident and subsequently expanded, impose specific OT security requirements on pipeline operators across Louisiana's Gulf Coast network. EPA Risk Management Program regulations apply to chemical facilities above threshold quantities. And the CISA advisory ecosystem has specifically identified LNG and Gulf Coast petrochemical infrastructure as high-priority targets in the current threat environment.
We provide OT cybersecurity assessments, IEC 62443 alignment, and compliance-focused OT security services for industrial operators across Louisiana, delivered remotely and on-site.
The OT Cybersecurity Risk Landscape in Houston
and the Texas Energy CorridorThe OT Cybersecurity Risk Landscape in Louisiana's Industrial Corridor
LNG Export Terminal Operations
Louisiana hosts several of North America's largest LNG export facilities, including Sabine Pass LNG in Cameron Parish, Calcasieu Pass, and the under-construction Plaquemines LNG facility. These terminals operate cryogenic liquefaction trains, marine loading systems, and extensive safety systems managing hazardous material handling at the intersection of pipeline infrastructure and marine terminals. The OT environments at LNG terminals are among the most complex in the energy sector, combining process control, safety, and utility systems from multiple vendors across a large geographic footprint.
Petrochemical and Chemical Manufacturing
The Baton Rouge to Lake Charles corridor hosts a dense cluster of petrochemical facilities producing ethylene, chlorine, styrene, ammonia, methanol, and a range of derivative chemicals. These facilities operate safety instrumented systems managing hazardous process conditions and run DCS platforms controlling continuous reactions that cannot tolerate unplanned interruptions. Many facilities in this corridor are subject to EPA Risk Management Program requirements, which now include cybersecurity considerations for covered processes following the 2024 RMP amendments.
Refining Operations
Louisiana's refinery complex processes Gulf of Mexico crude and imported feedstocks into transportation fuels, lubricants, and petrochemical feedstocks. Refinery OT environments include both legacy DCS systems that have been in service for decades and newer platforms managing recently expanded or upgraded units. The heterogeneous OT landscape that results from decades of incremental investment creates segmentation challenges across multiple vendors, patching cycles, and security capability levels within a single facility.
Pipeline and Gathering Systems
Louisiana is a major node in the US natural gas, crude oil, and product pipeline network. Intrastate pipeline operators and gathering system operators across the state are subject to Louisiana Public Service Commission requirements alongside TSA Pipeline Security Directives for interstate operators. SCADA networks managing these systems span remote compressor stations, metering points, and valve control systems across the state, with remote access provided through cellular and satellite communications links that require specific hardening.
Compliance Standards for Louisiana Industrial Operators
| Standard / Regulation | Applies To | Key OT Requirement |
|---|---|---|
|
TSA Pipeline Security Directive 2021-02C (and successors) |
Interstate natural gas and hazardous liquids pipeline operators | Network segmentation, access control, architecture review, and annual OT assessment |
|
EPA Risk Management Program (RMP) - 2024 amendments |
Chemical facilities above RMP threshold quantities | Cybersecurity for process control and safety systems, incident notification |
|
USCG Maritime Security (MARSEC) - NVIC 01-20 |
Marine facilities and vessels in US waters | Cybersecurity risk management for maritime OT systems |
| IEC 62443 | Industrial automation and control system operators | Zone and conduit architecture, Security Levels, access and patch management |
|
NERC CIP (CIP-002 through CIP-014) |
Bulk Electric System asset owners and operators | OT asset identification, access management, and incident response |
| NIST SP 800-82 Rev. 3 | Critical infrastructure operators | OT-specific security controls, asset inventory, and network monitoring |
Industries We Serve in Houston and the Texas Energy Corridor
OT Cybersecurity Services for Louisiana Industrial Operators
Multi-Framework OT Compliance Assessment
Louisiana industrial operators often face obligations under multiple regulatory frameworks simultaneously: TSA directives for pipeline operations, EPA RMP requirements for chemical processes, and USCG Maritime Security for terminal operations. We conduct integrated OT assessments that map your current controls against all applicable frameworks, identify overlapping requirements where a single control satisfies multiple obligations, and deliver a unified remediation roadmap rather than separate compliance projects for each regulation.
LNG Terminal OT Security
LNG terminal OT security requires understanding both the process control architecture of liquefaction and regasification systems and the maritime security requirements that apply to the marine transfer side of operations. We assess LNG terminal OT environments, including liquefaction train DCS, safety instrumented systems, utilities control, and marine loading systems, developing security architectures that address both TSA and USCG requirements within the operational constraints of continuous terminal operations.
EPA RMP Cybersecurity Compliance
The 2024 EPA RMP amendments require covered facilities to address cybersecurity in their Risk Management Programs. For Louisiana chemical and petrochemical operators, this means identifying process control and safety systems that manage covered processes and demonstrating that cybersecurity risks are assessed and managed. We help operators develop the cybersecurity component of their RMP documentation, conduct the required vulnerability assessments for covered systems, and implement the access controls and monitoring requirements specified in the amendments.
IEC 62443 Alignment and Zone Architecture
IEC 62443 provides the technical framework that underpins OT security compliance across all applicable Louisiana regulations. Zone and conduit architecture, Security Level assignment, and systematic control implementation give operators a structured, internationally recognised approach that satisfies the technical control requirements of TSA directives, EPA RMP cybersecurity provisions, and NERC CIP simultaneously. We conduct Security Level assessments and design remediation programs aligned to IEC 62443 Part 2 and Part 3.
OT Vulnerability Assessment and Passive Monitoring
Passive OT vulnerability assessment provides risk-prioritised findings across your control system asset base without disrupting live operations. For Gulf Coast chemical and LNG facilities running continuous processes, passive assessment is the only appropriate methodology for live environments. Findings are contextualised against your network architecture and operational constraints, producing a remediation roadmap that is actionable within your operational and regulatory timeline.
Incident Response Planning for Regulatory Compliance
TSA directives require covered pipeline operators to have a tested cybersecurity incident response plan. EPA RMP cybersecurity provisions require incident notification procedures for covered processes. We develop OT-specific incident response plans and tabletop exercise programs that satisfy both requirements, with scenarios based on current threat intelligence for Gulf Coast industrial infrastructure.
Frequently Asked Questions
The 2024 RMP amendments add cybersecurity requirements for facilities with covered processes. Specifically, they require operators to include cybersecurity in the process hazard analysis for covered processes, conduct vulnerability assessments of process control and safety systems, implement access controls for those systems, and include cybersecurity incidents in their emergency response notification procedures. Louisiana chemical and petrochemical operators above RMP threshold quantities need to assess which of their OT systems control covered processes and develop a compliance program accordingly.
TSA Pipeline Security Directives apply to the pipeline segment of your operations, including the interconnects bringing gas to the liquefaction facility. USCG Maritime Security requirements under NVIC 01-20 apply to the marine facility and vessel interface. There is meaningful overlap in the technical OT security controls that satisfy both network segmentation, access control, and asset inventory requirements under TSA directives, which are consistent with USCG maritime cybersecurity expectations. An integrated assessment that covers both the pipeline OT environment and the marine terminal OT environment is more efficient than running separate compliance projects.
Process Safety Management under OSHA PSM and EPA RMP has historically focused on physical and procedural causes of process safety incidents. The 2024 RMP amendments and current industry guidance now recognise cyber as a cause of process safety events. OT security integrates into PSM by adding cybersecurity to the process hazard analysis methodology, including cyber-initiated failure scenarios in HAZOP studies, and ensuring that safety instrumented systems are protected from unauthorised modification that could compromise their safety function. For Louisiana facilities running both PSM and RMP programs, this integration is both a compliance requirement and a genuine process safety improvement.
TSA Pipeline Security Directives apply to owners and operators of critical pipeline infrastructure as designated by TSA. Interstate pipelines above certain capacity thresholds were the initial focus, but TSA has expanded its advisory guidance to encourage intrastate operators to adopt equivalent security measures. Louisiana intrastate pipeline operators should consult current TSA guidance and CISA advisories to determine whether any directive applies to their specific operations and should implement equivalent OT security controls as a risk management matter, regardless of formal directive applicability.
.png){kind=logo}
.png){kind=logo}
.png){kind=logo}
.png){kind=logo}
.png){kind=logo}
.png){kind=logo}
.png){kind=logo}
.png){kind=logo}
.png){kind=logo}
.png){kind=logo}
.png){kind=logo}
.png){kind=logo}