DHS confirms new cybersecurity rules for pipeline companies
The measures follow a ransomware attack that halted Colonial Pipeline deliveries for several days
As expected, the Department of Homeland Security’s Transportation Security Administration (TSA) has issued mandatory cybersecurity rules for pipeline companies.
Under the security directive, critical pipeline owners and operators will have to designate a cybersecurity coordinator with around-the-clock availability.
The US plans a combination of moves towards Russia over SolarWinds cyberattack
They’ll also need to report cybersecurity incidents, including confirmed and potential issues, to the Cybersecurity and Infrastructure Security Agency (CISA).
In addition, critical pipeline owners and operators will have to assess their current cybersecurity practices, pinpoint vulnerabilities, and review their plans to address risks.
They’ll have 30 days to report their findings to TSA and CISA. Those might not be the only measures, as TSA is considering other directives.
Pipeline cybersecurity has been brought into focus in recent weeks, following a ransomware attack on Colonial Pipeline.
The company paused gasoline and diesel deliveries several days earlier this month after its billing system was compromised. That led to fuel shortages in some areas.
Colonial Pipeline attack: A ‘wake up call’ about the threat of ransomware
“The cybersecurity landscape is constantly evolving and we must adapt to address new and emerging threats,” Secretary of Homeland Security Alejandro N. Mayorkas said in a statement.
“The recent ransomware attack on a major petroleum pipeline demonstrates that the cybersecurity of pipeline systems is critical to our homeland security. DHS will continue to work closely with our private sector partners to support their operations and increase the resilience of our nation’s critical infrastructure.”