US issues new cybersecurity directive for critical pipelines

The cybersecurity directive, the second issued by the Biden administration since May, comes on the heels of a massive hack on Colonial Pipeline that upended millions of Americans’ fuel supply.

The Colonial Pipeline hack left thousands of petrol stations from the United States' East Coast to the Gulf Coast facing a fuel shortage as millions of barrels of petrol, diesel and jet fuel could not flow to their destinations [File: Octavio Jones/Reuters]

The United States Department of Homeland Security (DHS) announced Tuesday that it will require owners and operators of critical pipelines that transport hazardous liquids and natural gas to implement “urgently needed protections against cyber intrusions.”

The security directive requires owners and operators of Transportation Security Administration (TSA)-designated critical pipelines to adopt measures to protect against ransomware attacks and other threats to information technology and operational technology systems.

It also requires those pipeline owners and operations to develop and implement a cybersecurity contingency plan and review existing cybersecurity architecture.

“The lives and livelihoods of the American people depend on our collective ability to protect our nation’s critical infrastructure from evolving threats,” Secretary of Homeland Security Alejandro Mayorkas said in a statement.

“Through this Security Directive, DHS can better ensure the pipeline sector takes the steps necessary to safeguard their operations from rising cyber threats, and better protect our national and economic security,” he added.

Advertisement

Emphasising the importance of public-private partnerships, DHS pledged to continue to work closely with the private sector to boost cybersecurity resilience.

This is the second security directive from the TSA since May, when a hack wreaked havoc on Colonial Pipeline, upending fuel supplies in the US.

The ransomware attack on Colonial Pipeline shut down much of its 8,900-km (5,500-mile) system in May, disrupting deliveries of the approximately 2.5 million barrels of fuel it transports daily.

It left thousands of petrol stations from the East Coast to the Gulf Coast facing a fuel shortage as millions of barrels of petrol, diesel and jet fuel could not flow to their destination.

The first directive issued in May required critical pipeline owners and operators to report confirmed and potential cybersecurity incidents to Cybersecurity and Infrastructure Security Agency (CISA).

It also asked operators and owners of those critical pipelines to designate a cybersecurity coordinator who can be available at all times, review practices and identify security gaps that will help address cyber-related risks and report those results to TSA and CISA within one month.

According to DHS, the TSA has worked closely since 2001 with pipeline owners and operators to enhance the physical security preparedness of US hazardous liquid and natural gas pipeline systems.

Source: Al Jazeera

Advertisement