DHS announces new cybersecurity rules for critical pipelines

Share
The United States Department of Homeland Security (DHS) has announced new cybersecurity requirements for critical pipeline owners and operators

The United States Department of Homeland Security (DHS) has announced that it will require owners and operators of critical pipelines that transport hazardous liquids and natural gas to implement “urgently needed protections against cyber intrusions.”

The Department’s Cybersecurity and Infrastructure Security Agency (CISA) advised TSA on cybersecurity threats to the pipeline industry, as well as technical countermeasures to prevent those threats, during the development of this second Security Directive.  This Security Directive requires owners and operators of TSA-designated critical pipelines to implement specific mitigation measures to protect against ransomware attacks and other known threats to information technology and operational technology systems, develop and implement a cybersecurity contingency and recovery plan, and conduct a cybersecurity architecture design review.

 

Security Directive issued in May


 

This is the second Security Directive that TSA has issued to the pipeline sector this year, building upon an initial Security Directive that TSA issued in May 2021 following the ransomware attack on a major petroleum pipeline. 

The ransomware attack on Colonial Pipeline shut down much of its 5,500-mile system in May, disrupting deliveries of the approximately 2.5 million barrels of fuel it transports daily. It left thousands of petrol stations from the East Coast to the Gulf Coast facing a fuel shortage as millions of barrels of petrol, diesel, and jet fuel could not flow to their destination.

The May 2021 Security Directive requires critical pipeline owners and operators to:

 1. Report confirmed and potential cybersecurity incidents to CISA

 2. Designate a Cybersecurity Coordinator to be available 24 hours a day, seven days a week

 3. Review current practices 

 4. Identify any gaps and related remediation measures to address cyber-related risks and report the results to TSA and CISA within 30 days.

“The lives and livelihoods of the American people depend on our collective ability to protect our Nation’s critical infrastructure from evolving threats,” said Secretary of Homeland Security Alejandro N. Mayorkas.  “Through this Security Directive, DHS can better ensure the pipeline sector takes the steps necessary to safeguard their operations from rising cyber threats, and better protect our national and economic security. Public-private partnerships are critical to the security of every community across our country and DHS will continue working closely with our private sector partners to support their operations and increase their cybersecurity resilience.”

 

Share

Featured Articles

Palo Alto Networks, Deloitte and The Push to Platformization

By expanding their partnership to EMEA, Palo Alto Networks is bringing to Deloitte the platformization needed in the modern cybersphere

Insurers Now Spotlighting Identity and Privilege Compromises

Delinea's latest survey reveals a sharp rise in cybersecurity insurance claims, pushing for advanced identity protection measures. Dive into how AI and met

Trend Micro Address AI Threat to Mobile Users with New App

Trend Micro Check is an all-in-one solution that recognises the threats that deepfakes are now posing to mobile users in elaborate scams

Solarwinds CISO Wants Global Cyber Laws After Winning Case

Cyber Security

Resurgence of Spam: Cisco Talos Sound Alarm on New Tactics

Hacking & Malware

Cloudhouse Head Talks Laws Incoming After Crowdstrike Outage

Operational Security