Key Highlights:
- The US administration is working with pipeline companies to secure protections against cyber attacks
- The new set of rules mandates pipeline operators to address cyber threats and report incidents to federal authorities
- In case of non-addressals, companies will be faced with financial penalties
Most disruptive cyberattack on record
Recently, the Department of Homeland Security (DHS) informed that the US administration is working with pipeline companies to mandate protections against cyberattacks in wake of the recent Colonial Pipeline hack.
A unit of the DHS, the Transportation Security Administration (TSA) is working in coordination with pipeline companies. TSA is working towards ensuring necessary steps to improve cyber resilience against ransomware attacks and other threats in order to secure their system. It is collaborating with the Cybersecurity and Infrastructure Security Agency, another branch unit of the DHS.
Security Guidelines
According to reports, DHS will be disclosing more details on the matter in the upcoming days, without the release of any particulars. TSA will be issuing its first security directive necessitating pipeline operators to report cyber incidents to federal authorities within the end week of May 2021. Besides reporting cyber threats, pipeline operators will be faced with a mandatory and robust set of rules and regulations to safeguard their systems against cyber-attacks and the steps to be taken in case the systems are hacked.
The new regulations were discussed after DHS Secretary Alejandro Mayorkas and other top officials considered how they could use existing TSA powers to bring change to the industry. Representative Bennie Thompson, chair of the Homeland Security Committee in the House of Representatives, called the move a major step in the right direction towards ensuring that pipeline operators are taking cybersecurity seriously and reporting any incidents immediately.
Related: Improvements of cybersecurity by AI and its applications
The Colonial Pipeline Hack
On May 7, a cyber-attack on the Colonial Pipeline triggered the pipeline’s systems to go offline. About 5500 mile (8900 km) long, the ransomware attack on the system was recorded as the most disruptive cyberattack. It prevented millions of barrels of gasoline, diesel and jet fuel from being transported to the East Coast from the Gulf Coast. It further posed a threat to the supply of refined petroleum products to gas stations in major cities on the U.S. eastern seaboard.
There was no clarification regarding the hackers whatsoever. However, the colonial pipeline hack prompts concerns of threats to other critical infrastructures such as dams, health care and sewage systems which lack mandated and regulatory cyber standards. As per official reports, the new rules can be expected within a few weeks and will require companies to fix and address shortcomings and will be otherwise faced with financial penalties.
Also Read: The 10 Emergent Cybersecurity Companies 2021