US toughens cybersecurity rules for pipelines
The US Department of Homeland Security said July 20 that pipeline operators are required to enact measures to protect against ransomware and other cybersecurity threats.
Through its Transportation Security Administration, the homeland security agency said it issued a directive that mandates pipeline owners and operators take specific mitigation measures against cybersecurity threats. On top of that, they are called on to develop recovery plans and perform regular cybersecurity reviews.
“The lives and livelihoods of the American people depend on our collective ability to protect our nation’s critical infrastructure from evolving threats,” Alejandro Mayorkas, the secretary of homeland security, said.
A ransomware attack on May 7 disrupted operations on the 8,850-km Colonial fuels pipeline that meets about half of the demand for refined products on the eastern US seaboard. The operating company brought the network back on line after paying a hefty ransom.
A Russian-language group dubbed DarkSide took credit for the ransomware attack, prompting the federal government to form an emergency inter-agency task force to examine the issue.
Richard Glick, the chairman of the Federal Energy Regulatory Commission, noted early this year that mandatory cybersecurity protocols are in place for the US power grid, but not for pipelines. Instead, that authority rests with the US Transportation Security Administration, which only had voluntary guidance available on cybersecurity at the time.