Published 13 Aug 2025

OT cyber regulation in 2025: expectations vs. reality

With a new Administration that issued a government-wide regulatory freeze on Jan. 20 and launched a deregulatory executive order eleven days later, many in industry expected rollbacks or lighter enforcement this year.

In OT, that did not materialize.

TSA renewed and updated its pipeline cybersecurity directive effective May 3, 2025, and CISA’s CIRCIA rulemaking continues on a path toward a late-2025 final rule and 2026 effective date.

Why it matters

Critical infrastructure cybersecurity is being treated as a national resilience priority, not a partisan debate. Despite broader deregulatory signals in 2025, mandatory OT cybersecurity requirements remain in place and CIRCIA reporting is still expected once the final rule takes effect. That keeps pressure on operators to deliver timely, defensible incident evidence.

State of play

• Pipelines: TSA’s SD Pipeline-2021-02F remains in force through May 2026, keeping required mitigation, testing, contingency planning, and annual assessment reporting in place.

• Cross-sector baseline: CIRCIA reporting is not required until the Final Rule takes effect, but the NPRM and federal schedules point to late 2025 publication and 2026 applicability, with the 72-hour incident and 24-hour ransom-payment clocks unchanged in the proposal.

• Water utilities: Rather than new rules, EPA emphasized grants, free cybersecurity assessments, and incident-response training in 2025. The emphasis on readiness signals higher expectations for utilities.

Between the lines

In 2025, lawmakers and industry groups pushed agencies to align definitions and cut duplicate reporting, not to roll back incident rules.

Zoom in: why SIGA matters now

SIGA supplies the process evidence that is critical for incident reports.

• Level 0 record: SigaGuard reads raw I/O signals out of band, creating a tamper-resistant, time-stamped view of what the process actually did.
• Faster, cleaner reporting: Level 0 timelines help verify impact, cut false positives, and back up incident reports under cross-sector and sector rules.
• Decision and readiness: SigaGuardX distinguishes operational events from cyber breaches and flags false-data injection. Siga-PAS simulates process attacks so teams can test detection and reporting without disrupting operations.

The bottom line

No rollback in 2025. Pipelines stay under TSA; CIRCIA is next. Regulators want process proof, not just logs. SIGA delivers Level 0 evidence, detection, and rehearsal.

