DHS confirms new cybersecurity rules for pipeline companies

The measures follow a ransomware attack that halted Colonial Pipeline deliveries for several days.

Sponsored Links

Fuel tanks are seen at Colonial Pipeline Baltimore Delivery in Baltimore, Maryland on May 10, 2021. - The US government declared a regional emergency Son May 9, 2021 as the largest fuel pipeline system in the United States remained largely shut down, two days after a major ransomware attack was detected. The Colonial Pipeline Company ships gasoline and jet fuel from the Gulf Coast of Texas to the populous East Coast through 5,500 miles (8,850 kilometers) of pipeline, serving 50 million consumers. The company said it was the victim of a cybersecurity attack involving ransomware -- attacks that encrypt computer systems and seek to extract payments from operators. (Photo by JIM WATSON / AFP) (Photo by JIM WATSON/AFP via Getty Images)
JIM WATSON via Getty Images

As expected, the Department of Homeland Security’s Transportation Security Administration (TSA) has issued mandatory cybersecurity rules for pipeline companies. Under the security directive, critical pipeline owners and operators will have to designate a cybersecurity coordinator with around-the-clock availability. They'll also need to report cybersecurity incidents, including confirmed and potential issues, to the Cybersecurity and Infrastructure Security Agency (CISA).

In addition, critical pipeline owners and operators will have to assess their current cybersecurity practices, pinpoint vulnerabilities and review their plans to address risks. They'll have 30 days to report their findings to TSA and CISA. Those might not be the only measures, as TSA is considering other directives.

Pipeline cybersecurity has been brought into focus in recent weeks, following a ransomware attack on Colonial Pipeline. The company paused gasoline and diesel deliveries for several days earlier this month after its billing system was compromised. That led to fuel shortages in some areas.

“The cybersecurity landscape is constantly evolving and we must adapt to address new and emerging threats,” Secretary of Homeland Security Alejandro N. Mayorkas said in a statement. “The recent ransomware attack on a major petroleum pipeline demonstrates that the cybersecurity of pipeline systems is critical to our homeland security. DHS will continue to work closely with our private sector partners to support their operations and increase the resilience of our nation’s critical infrastructure.”

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Popular on Engadget