Hot on the heels of an executive order aimed at standardizing federal response to cyber attacks and creating new reporting requirements for government vendors, the Department of Homeland Security (DHS) is establishing its own requirements specifically for companies in the oil pipeline industry. Some of these new cybersecurity regulations have been in the works for some time, but the rapid rollout of changes comes in response to the Colonial Pipeline ransomware attack that created temporary gas shortages in states along the eastern and southern coasts of the country.
DHS sets new cybersecurity regulations for pipeline industry
The new requirements are the first cybersecurity regulations that are specific to the pipeline industry. DHS will be rolling the new regulations out gradually over the coming weeks, but one directive took effect right away: pipeline companies are now required to report cybersecurity incidents to federal authorities immediately.
The new cybersecurity regulations appear to be the purview of the Transportation Security Administration (TSA), which works as a division of DHS. Senior DHS officials have said that the ongoing cybersecurity regulations, expected to roll out over the summer, will include new security requirements for the IT systems of pipeline companies and a mandatory action plan that must be followed in the wake of a cyber attack.
DHS previously had only voluntary guidelines, first issued in 2010, in place for the industry of some 3,000 companies. The situation changed quickly with the Colonial Pipeline ransomware attack, which caused gas deliveries to retail outlets and airports to cease for over a week as the company attempted to get billing and tracking systems back online. The company, which is the central source of gasoline for most of the states on the eastern and southeastern coast, ended up paying the hackers a $4.4 million ransom in a bid to end the attack.
Source: CPO Magazine