U.S. to boost pipeline cyber protections in wake of Colonial hack
Send a link to a friend
 [May 26, 2021] WASHINGTON
(Reuters) -The Biden administration is working with pipeline companies
to strengthen protections against cyberattacks following the Colonial
Pipeline hack, with announcements of actions planned in coming days, the
Department of Homeland Security (DHS) said on Tuesday.
A ransomware attack forced Colonial Pipeline, which runs from Texas to
New Jersey, to shut much of its network for several days this month,
leaving thousands of gas stations across the U.S. Southeast without
fuel. Motorists fearing prolonged shortages raced to fill their tanks as
the outage laid bare the nation's reliance on a few key pipelines for
fuel needs.
The Transportation Security Administration (TSA), a unit of the DHS, "is
coordinating with companies in the pipeline sector to ensure they are
taking all necessary steps to increase their resilience to cyber threats
and secure their systems," the agency said.
The TSA is collaborating with another branch of DHS, the Cybersecurity
and Infrastructure Security Agency. DHS said it will release more
details "in the days ahead," without providing particulars.
The closure of the 5,500-mile (8,900-km) system was the most disruptive
cyberattack on record, preventing millions of barrels of gasoline,
diesel and jet fuel from flowing to the East Coast from the Gulf Coast.
The Washington Post reported that DHS is preparing to issue its first
mandatory cybersecurity regulations on pipelines, citing senior
officials.
In the past TSA has provided voluntary guidelines on cybersecurity for
pipelines. The agency only had six full-time employees in its pipeline
security branch through 2018, which limited reviews of cybersecurity
practices, a General Accountability Office report said in 2019. The TSA
said this month it has since expanded that staff to 34 positions.
[to top of second column] |
Holding tanks are pictured at Colonial Pipeline's Linden Junction
Tank Farm in Woodbridge, New Jersey, U.S., May 10, 2021.
REUTERS/Hussein Waaile/File Photo
The TSA would require pipeline companies to report cyber incidents to the
federal government, senior DHS officials told the Post. New rules will require
companies to correct any problems and address shortcomings or face fines, the
article said.
Retail U.S. gasoline prices surged to a seven-year high after the outage. Prices
remain elevated from prior to the hack, but have slowly declined from the peak
reached just as the line was reopened.
The new regulations were discussed after DHS Secretary Alejandro Mayorkas and
other top officials considered how they could use existing TSA powers to bring
change to the industry, the Post said.
Representative Bennie Thompson, chair of the Homeland Security Committee in the
House of Representatives, called the move "a major step in the right direction
towards ensuring that pipeline operators are taking cybersecurity seriously and
reporting any incidents immediately."
(Reporting by Doina Chiacu and Timothy Gardner; Editing by Howard Goller, Grant
McCool and Leslie Adler)
[© 2021 Thomson Reuters. All rights
reserved.] Copyright 2021 Reuters. All rights reserved. This material may not be published,
broadcast, rewritten or redistributed.
Thompson Reuters is solely responsible for this content.
 |
