Security Experts:

Connect with us

Hi, what are you looking for?



Hack Prompts New Security Regulations for US Pipelines

The federal government will issue cybersecurity regulations in the coming days for U.S. pipeline operators following a ransomware attack that led to fuel shortages across much of the Eastern Seaboard.

The federal government will issue cybersecurity regulations in the coming days for U.S. pipeline operators following a ransomware attack that led to fuel shortages across much of the Eastern Seaboard.

The Transportation Security Administration, which oversees the nation’s network of pipelines, is expected to issue a security directive this week that will address some of the issues raised by the Colonial Pipeline shutdown, a U.S. official said Tuesday.

The directive will include a requirement that pipeline companies report cyber incidents to the federal government, said the official, speaking on condition of anonymity because the proposal has not yet been publicly released.

It addresses, to an extent, the ransomware attack that led to the shutdown of the pipeline this month, but it also reflects a broader Biden administration focus on cybersecurity after a series of damaging intrusions by overseas hackers.

The Department of Homeland Security declined to confirm any specifics of the pending directive, issuing a statement that said TSA and another component of the agency, the Cybersecurity and Infrastructure Agency, are working with private companies to address cyber threats. “The Biden Administration is taking further action to better secure our nation’s critical infrastructure,” it said.

The directive, first reported by The Washington Post, is expected to prompt concern, if not outright opposition, from private operators wary of increased government regulation.

The American Petroleum Institute, which represents the oil and gas industry, said in a statement that its members are working with the administration to develop reporting policies and that any new regulations should include “reciprocal information sharing and liability protections.”

Mark Montgomery, a senior fellow at the Foundation for the Defense of Democracies and former executive director of the congressionally mandated Cyberspace Solarium Commission, said federal officials have told him the pipeline order will have two stages.

[ Related: Tech Audit of Colonial Pipeline Found ‘Glaring’ Problems ]

The first will immediately mandate that any cybersecurity incidents are reported to the federal government, while the second, coming later, would require that pipeline companies complete a self-assessment of their cybersecurity systems for known vulnerabilities.

“It’s a good step,” Montgomery said. “But we need this applied more broadly so that all our national critical infrastructure is at a higher level.”

DHS Secretary Alejandro Mayorkas, speaking earlier at a news conference about the recovery in domestic air travel as the pandemic eases in the U.S., did not mention the security directive but said his agency was working with the private sector to improve “cyber hygiene” to prevent attacks and ensure that businesses can more easily withstand them if their defenses fail.

“I have spoken well before the pipeline cyber attack that ransomware is one of the greatest cyber security threats that we face in the United States,” Mayorkas said.

There are more than 2.7 million miles of pipeline transporting oil, other liquids and natural gas around the U.S. Members of Congress have expressed concern about the potential risk to this network, which has grown in recent years with increasing reliance on computerized systems and electronic data that are vulnerable to cyber attacks and intrusion.

The extent of the risk became apparent when Colonial Pipeline was targeted in a ransomware attack that prompted the company to shut down a system that delivers about 45% of the gasoline consumed on the East Coast. The halt to fuel supplies for nearly a week led to panic-buying and shortages at gas stations from Washington, D.C., to Florida.

The company, based in Alpharetta, Georgia, later disclosed it paid a ransom of $4.4 million to retrieve access to its data from the gang of hackers who broke into its computer systems.

The FBI has linked the ransomware to a Russian-speaking criminal syndicate known as DarkSide. President Joe Biden has said the administration has strong reason to believe the criminals are living in Russia.

“While the Colonial Pipeline attack shows there is much more work to be done to protect the nation’s pipelines and other critical infrastructure from cyber attacks, this TSA security directive is a major step in the right direction towards ensuring that pipeline operators are taking cybersecurity seriously and reporting any incidents immediately,” said Rep. Bennie Thompson, a Mississippi Democrat who chairs the House Homeland Security Committee.

Related: Tech Audit of Colonial Pipeline Found ‘Glaring’ Problems


Related: Industry Reactions to Ransomware Attack on Colonial Pipeline

Written By

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.


Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.


Expert Insights

Related Content

CISO Strategy

Cybersecurity-related risk is a top concern, so boards need to know they have the proper oversight in place. Even as first-timers, successful CISOs make...


The overall effect of current global geopolitical conditions is that nation states have a greater incentive to target the ICS/OT of critical industries, while...


Cybersecurity firm Forescout shows how various ICS vulnerabilities can be chained for an exploit that allows hackers to cause damage to a bridge.


Otorio has released a free tool that organizations can use to detect and address issues related to DCOM authentication.


More than 1,300 ICS vulnerabilities were discovered in 2022, including nearly 1,000 that have a high or critical severity rating.

Cybersecurity Funding

Internet of Things (IoT) and Industrial IoT security provider Shield-IoT this week announced that it has closed a $7.4 million Series A funding round,...


Siemens and Schneider Electric address nearly 100 vulnerabilities across several of their products with their February 2023 Patch Tuesday advisories.


Wago has patched critical vulnerabilities that can allow hackers to take complete control of its programmable logic controllers (PLCs).