The government will issue cybersecurity guidelines in the coming days for US pipeline operators after a ransomware attack on Colonial Pipeline, resulting in fuel shortages throughout the Eastern Seaboard. According to a US official on Tuesday, the Transportation Security Administration (TSA) is slated to release a security directive this week that will address the issues raised by the Colonial Pipeline shutdown.
The TSA intends to issue the first of at least two security directives that would necessitate pipeline operators to notify it when they become victims or targets of cyberattacks, stated senior officials at the Department of Homeland Security. The move will also require each company to assign a point person for cybersecurity.
The Department of Homeland Security (DHS) is setting forth to regulate cybersecurity in the pipeline industry for the first time to prevent a repeat of a remarkable computer attack that crippled almost half the East Coast's fuel supply this month. This incident underscored the susceptibility of crucial infrastructure to online attacks. According to DHS officials, the TSA will follow up in the coming weeks with a more robust set of mandatory rules for how pipeline companies should shield their systems against cyberattacks and the actions they should take if they are hacked, reported The Washington Post.
New Regulations
The DHS did not immediately return messages asking for comments on the new guidelines. Following a ransomware attack forcing Colonial to close its whole network, thousands of gas stations throughout the US Southeast ran out of fuel. Motorists fearing prolonged shortages raced to fill up their vehicles, reported Channel News Asia.
According to the TSA, a unit of the DHS "is coordinating with companies in the pipeline sector to ensure they are taking all necessary steps to increase their resilience to cyber threats and secure their systems." TSA is working hand-in-hand with another unit of DHS, the Cybersecurity and Infrastructure Security Agency, reported Reuters.
The directive will indicate a requirement for pipeline companies to report cyber incidents to the federal government, according to an official speaking on condition of anonymity because the proposal has not yet been publicly issued. It addresses the ransomware attack that resulted in the shutdown of the pipeline this May. It also depicts a broader focus of President Joe Biden's administration on cybersecurity following a series of harmful intrusions by overseas hackers.
The order should be regarded as step one in an expounded program by the current administration to bolster the security of over 2.5 million miles of US pipelines. Step two will be a stronger mandate in the coming weeks that will necessitate pipeline owners to take concrete actions to secure their assets against attacks.
The agency has proffered merely voluntary guidelines in the past. The Colonial Pipeline hack that shutdown pipeline for 11 days this May prompted panic buying and gasoline shortages in the southeastern US, including in the country's capital.
