Per Ari Natter turned on 25/05/2021
President Joe Biden
WASHINGTON, DC (Bloomberg) – Biden administration moves ahead with mandatory cybersecurity requirements for pipelines, according to a person informed of plans, following ransomware attack earlier this month that paralyzed pipeline largest in the country.
Pipe operators should first report certain cyber attacks to the Department of Homeland Security under an upcoming security directive issued by the Transportation Security Administration, according to the person who spoke on condition of ‘anonymity to discuss government issues they had. has not yet been made public.
The directive, which is expected to force companies to establish a point of contact for cyber issues, is seen as a precursor to broader mandates for the pipeline sector that has resisted cyber security regulations in in favor of a voluntary system which, according to them, is more agile.
“The Biden Administration is taking additional steps to better secure our nation’s critical infrastructure,” the Department of Homeland Security said in a statement. “We will post additional details in the coming days.”
Although the Transportation Security Administration, a federal agency tasked with protecting the nation’s oil pipelines, has long had the authority to issue cyber requirements, it has instead relied on voluntary best practices and in the personal report of the industry to ensure operations.
Now, in the wake of the attack that shut down Colonial Pipeline Co., the agency is developing mandates that will establish rules on how pipeline companies should protect their systems from cyberattacks, as well as what steps they should take if they are hacked, according to the Washington Post, which previously reported on the new rules.
“This TSA safety directive is an important step in the right direction toward ensuring that pipe operators take cybersecurity seriously and report any incidents immediately,” said Rep. Bennie Thompson, chairman of the National Security Committee. Chamber.
Despite the colonial incident, which paralyzed a critical supply of gasoline and other refined products in New York and other East Coast cities that caused fuel shortages, the energy and pipeline industry remains wary of new ones. regulations, which they fear are overly prescriptive and too rigid to adapt to rapidly changing digital threats.
“We want TSA to hit everything it plans to do,” said John Stoody, a spokesman for the Oil Pipe Lines Association, which represents companies that include Colonial Pipeline. “For example, an overly broad information requirement could overwhelm TSA with hundreds of thousands of cyberattack reports every day that would be of no use to anyone.”