Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

ICS/OT

Lawmakers Reintroduce ‘Pipeline Security Act’ Following Colonial Hack

More than a dozen U.S. lawmakers led by Rep. Emanuel Cleaver (D-MO) have reintroduced the Pipeline Security Act, whose goal is to aid the DHS’s efforts to protect pipeline infrastructure against cyberattacks, terrorist attacks and other threats.

More than a dozen U.S. lawmakers led by Rep. Emanuel Cleaver (D-MO) have reintroduced the Pipeline Security Act, whose goal is to aid the DHS’s efforts to protect pipeline infrastructure against cyberattacks, terrorist attacks and other threats.

The Pipeline Security Act was first introduced in 2019, but it did not receive a vote. Now, following the recent ransomware attack on Colonial Pipeline, which had a significant impact, the bill was reintroduced.

The bipartisan pipeline security legislation would ensure that the roles of the Transportation Security Administration (TSA), which has been the primary agency responsible for securing pipelines, and the Cybersecurity and Infrastructure Security Agency (CISA) are clarified and they are fully empowered for securing pipelines and pipeline facilities.

The bill also directs the TSA to update security guidance, conduct risk assessments and inspect pipelines, and requires the agency to create a pipeline security personnel strategy. It also enhances pipeline security oversight by requiring the TSA to submit annual reports to Congress and consult with pipeline stakeholders on security-related matters.

A markup session on the Pipeline Security Act was held by the House Committee on Homeland Security on Tuesday.

“The recent ransomware attack against Colonial Pipeline Company further highlights the threats facing our nation’s critical infrastructure and the potential cascading impacts cyber attacks can have on our economy. With the attacks of this nature on the rise, it’s more important than ever to strengthen our cyber resilience,” said John Katko (R-NY), ranking member in the Committee on Homeland Security and one of the co-sponsors of the bill.

“Right now, we need to focus on building existing capabilities and resources while ensuring federal roles and responsibilities are clear. DHS and DOT are co-Sector Risk Management Agencies (SRMAs) for transportation systems, including pipelines, and should continue to run point, with TSA, CISA, and the U.S. Coast Guard continuing to play important roles. I’ll continue working in a bipartisan manner to make sure our country is better prepared to mitigate future attacks on our critical infrastructure,” Katko added.

Colonial Pipeline, the largest refined products pipeline in the United States, was forced to shut down operations as a result of the ransomware attack. The incident had significant implications, including temporary gas shortages, gas prices rising, and states declaring a state of emergency.

Advertisement. Scroll to continue reading.

The attack leveraged a piece of ransomware named DarkSide, which has been linked to Russian cybercriminals. The attackers encrypted files on compromised systems and also stole data that they threatened to leak unless a ransom was paid.

According to some reports, Colonial paid a $5 million ransom to the hackers. The company is said to have recovered encrypted files from backups — the decryption tool provided by the cybercriminals was too slow — but paid the ransom to retrieve the stolen information.

Related: Tech Audit of Colonial Pipeline Found ‘Glaring’ Problems

Related: Industry Reactions to Ransomware Attack on Colonial Pipeline

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Learn how the LOtL threat landscape has evolved, why traditional endpoint hardening methods fall short, and how adaptive, user-aware approaches can reduce risk.

Watch Now

Join the summit to explore critical threats to public cloud infrastructure, APIs, and identity systems through discussions, case studies, and insights into emerging technologies like AI and LLMs.

Register

People on the Move

Checkmarx has appointed Scott Gainey as Chief Marketing Officer.

Jason Hogg has been named Executive Chairman of CYPFER.

HUB Cyber Security has appointed former PayPal and American Express executive Paul Parisi as its Global Chief Revenue Officer.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.