Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

ICS/OT

New Cybersecurity Order Issued for US Pipeline Operators

The Department of Homeland Security on Tuesday announced new requirements for U.S. pipeline operators to bolster cybersecurity following a May ransomware attack that disrupted gas delivery across the East Coast.

The Department of Homeland Security on Tuesday announced new requirements for U.S. pipeline operators to bolster cybersecurity following a May ransomware attack that disrupted gas delivery across the East Coast.

In a statement, DHS said it would require operators of federally designated critical pipelines to implement “specific mitigation measures” to prevent ransomware attacks and other cyber intrusions. Operators must also implement contingency plans and conduct what the department calls a “cybersecurity architecture design review.”

It’s the latest response by the Biden administration to a series of ransomware attacks and intrusions hitting critical U.S. infrastructure and raising fears about American cybersecurity.

[ READU.S. Government Attributes ICS Attacks to Russia, China, Iran ]

DHS did not immediately release further details about the guidance, which comes after another directive issued weeks after the May 7 attack on Georgia-based Colonial Pipeline.

U.S. agencies on Tuesday also disclosed that Chinese government-linked intruders targeted 23 natural gas pipeline operators from 2011 to 2013. Thirteen of those attacks were confirmed intrusions, according to a government advisory.

The Colonial attack led to the shutdown of a system delivering about 45% of the gasoline consumed along the East Coast and sparked long lines and gas shortages in several states.

Colonial paid an estimated $4.4 million ransom, most of which was recovered by the Justice Department. The FBI has blamed the attack on a Russia-based gang of hackers using the DarkSide ransomware variant.

Advertisement. Scroll to continue reading.

The Biden administration has repeatedly accused Russia of granting safe haven to criminal gangs and trying to steal from government agencies and private organizations in various sectors. It imposed sanctions in April for a range of activities including hacking.

Russia has broadly denied being involved in cyberattacks of U.S. institutions, decrying “unfounded accusations” in a statement last month.

The U.S. and key allies this week accused China of complicity in a massive hack of Microsoft Exchange email server software that victimized thousands of organizations. That announcement, however, was not accompanied by sanctions against China, which has accused the U.S. of making “groundless attacks” against it regarding cybersecurity.

Related: Tech Audit of Colonial Pipeline Found ‘Glaring’ Problems

 

 

Related: Industry Reactions to Ransomware Attack on Colonial Pipeline

Written By

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

ICS/OT

The overall effect of current global geopolitical conditions is that nation states have a greater incentive to target the ICS/OT of critical industries, while...

CISO Strategy

Cybersecurity-related risk is a top concern, so boards need to know they have the proper oversight in place. Even as first-timers, successful CISOs make...

ICS/OT

Municipal Water Authority of Aliquippa in Pennsylvania confirms that hackers took control of a booster station, but says no risk to drinking water or...

ICS/OT

Mandiant's Chief analyst urges critical infrastructure defenders to work on finding and removing traces of Volt Typhoon, a Chinese government-backed hacking team caught in...

Cybercrime

Energy giants Schneider Electric and Siemens Energy confirm being targeted by the Cl0p ransomware group in the campaign exploiting a MOVEit zero-day.

ICS/OT

Wago has patched critical vulnerabilities that can allow hackers to take complete control of its programmable logic controllers (PLCs).

ICS/OT

Otorio has released a free tool that organizations can use to detect and address issues related to DCOM authentication.