“The Biden administration is taking additional steps to better protect our nation’s critical infrastructure. TSA, in close collaboration with (Security and Cybersecurity Agency), is coordinating pipeline companies to make sure they are taking all necessary steps to increase their resilience to combat cyber threats and protect their systems. We will post additional details in the coming days, “said DHS spokeswoman Sarah Peck.
The directive will be issued by the Transportation Safety Administration, which is the main federal agency for transportation safety, including the safety of hazardous materials and pipes.
The fountain is still under construction and unfinished, adding that this would be the first step as the department continues to work on a more muscular proposal to improve the safety of the pipes.
The Washington Post first reported on the proposal.
Pipeline operators currently comply with TSA safety guidelines and report cybersecurity incidents on a voluntary basis.
Earlier Tuesday, Homeland Security Secretary Alejandro Mayorkas told reporters that “ransomware is one of the biggest cybersecurity threats we face in the United States,” speaking at a TSA event about summer travel.
The department “works very closely with a public-private partnership” to inform the business and cybersecurity community about how to prevent and respond to such attacks, he said.
The draft directive will require companies to report cyber incidents to the Cybersecurity and Infrastructure Security Agency, a division of DHS, another known source told CNN.
This is the first time TSA has required these companies to report cyber incidents, according to the source, which the Biden administration considers a “first step” that can be done quickly with other robust requirements and ideas still under discussion.
Safety guidelines are issued when there are urgent circumstances, as was done in the case of face masks, a DHS official said.
The use of a directive would allow the department to take these steps temporarily without the need for new federal regulations or legislation. But these steps could be taken later.
Meanwhile, Colonial Pipeline is still trying to reduce the way its network was breached after the ransomware attack that led to the closure of the critical pipeline, CNN previously reported.
The incident sparked a massive federal response to prosecute the perpetrators and prevent further breaches. Following the attack, critical infrastructure companies have turned to the Cyber Security and Infrastructure Agency for information and increased visits to the agency’s ransomware resources websites.
Last week, the agency publicly released a set of technical data from the colonial incident to help other critical infrastructure companies and utilities defend themselves against similar attacks.
There has been some frustration from the Security and Cybersecurity Agency that some private sector companies in critical infrastructure sectors still do not see the agency as the first call to make such incidents, CNN told a former DHS official.
Colonial Pipeline reported the attack to the FBI on the morning of May 7 and has continued to work with the FBI regularly, a company spokesman said earlier.
“They did not contact CISA directly,” Brandon Wales, the acting director of the Cyber Security and Infrastructure Agency, told lawmakers during a hearing Tuesday on Capitol Hill earlier this month. “The FBI took us after they were notified of the incident.”
When asked if it was a “problem” for the cybersecurity agency not to be notified directly, Wales said: “I think there is an advantage when CISA is introduced quickly because the information we get we work to share- that of a broader fashion to protect other critical infrastructures. “
The agency received information from Colonial Pipeline shortly after the incident occurred and subsequent updates were provided primarily through the Department of Energy, a cybersecurity agency spokesman previously told CNN.
U.S. officials and cybersecurity experts have told CNN that the colonial incident only reinforces the belief that private companies should do more to protect themselves from being attacked by ransomware attackers, but that if those rules should be regulated by the federal government remains a matter of debate.
“Companies need to do a better job securing their businesses,” Adam Meyers, senior vice president of intelligence for cybersecurity company Crowdstrike, told CNN, adding that “there are some basic things that companies they can do it to become a more difficult target. “
Criminal actors “will take the path of least resistance,” he said.
“We’re talking about building a slightly safer business, making sure you have the latest technology. Organizations don’t really fight hard enough to protect themselves,” Meyers said.
CNN previously reported that Biden administration officials had privately expressed frustration at what they saw as Colonial Pipeline’s weak security protocols and lack of preparedness that could have allowed hackers to attack a crippling ransomware attack. , according to officials familiar with the government’s initial investigation into Last week, Colonial Pipeline CEO Joseph Blount told the Wall Street Journal that he had authorized a $ 4.4 million ransom payment in response to the cyberattack on the company’s network, in the first public announcement about payment. The Cybersecurity and Infrastructure Agency and the FBI do not encourage the payment of ransom to delinquent actors because it can encourage opponents to turn to additional organizations and does not guarantee that the victim’s files will be recovered.
“It was the right thing for the country,” Blount said. “I didn’t do it lightly. I’ll admit I didn’t feel comfortable watching money come out the door to people like that.”
Colonial’s pipeline system returned to normal operations on May 15, the company said, about a week after the ransomware attack was discovered, which helped alleviate the gas shortage affecting consumers. on the east coast.
Mississippi Democrat House Speaker Bennie Thompson described the move to implement a security directive as an “important step in the right direction.”
“While the attack on the colonial pipes shows that there is much more work to be done to protect the country’s critical oil pipelines and other infrastructure from cyber attacks, this TSA security directive is an important step in the right direction towards to ensure that pipe operators take cybersecurity seriously and report any incident immediately, ”it said in a statement.
TSA will remain “the federal entity responsible for pipeline safety with authorities to demand safety requirements,” Thompson said.
This story has been updated with additional information.
CNN’s Zachary Cohen and Gregory Wallace contributed to this story.