May 27, 2021 - Politics & Policy

DHS issues new cyber requirements for pipelines following Colonial hack

Colonial pipeline.
Photo: Logan CyrusAFP via Getty Images

A new directive will require pipeline operators to report confirmed and potential cybersecurity incidents to the Cybersecurity and Infrastructure Security Agency, the Department of Homeland Security announced Thursday.

Why it matters: It's the first set of new regulations for the pipeline industry since the Colonial hack, which hampered part of the East Coast's fuel supply. The new rules will help "to better identify, protect against, and respond to threats to critical companies in the pipeline sector," DHS said in a statement.

Details: Pipeline operators will be required to designate a cybersecurity coordinator to be available 24/7, DHS said.

  • They will also have to review their practices "to identify any gaps and related remediation measures to address cyber-related risks," and report the results to the Transportation Security Agency and CISA within 30 days.

What to watch: DHS said it's considering implementing further measures to better protect pipelines and "strengthen the public-private partnership so critical to the cybersecurity of our homeland."

What they're saying: “The cybersecurity landscape is constantly evolving and we must adapt to address new and emerging threats,” said Secretary of Homeland Security Alejandro Mayorkas. 

  • “The recent ransomware attack on a major petroleum pipeline demonstrates that the cybersecurity of pipeline systems is critical to our homeland security."
  • "DHS will continue to work closely with our private sector partners to support their operations and increase the resilience of our nation’s critical infrastructure.”

Go deeper: The new digital extortion

Go deeper