New directive shows U.S. is taking pipeline cybersecurity requirements seriously