The Biden administration is moving forward with mandatory cybersecurity requirements for pipelines, according to a person briefed on the plans, following the ransomware attack earlier this month that paralyzed the biggest fuel pipeline in the nation.
Pipeline operators would be required for the first time to report certain cyberattacks to the Department of Homeland Security under a forthcoming security directive being issued by the Transportation Security Administration, according to the person, who spoke on the condition of anonymity to discuss government matters that had not been made public yet.
The directive, which is expected to require companies to establish a point of contact for cyber issues, is seen as a precursor to broader mandates for the pipeline sector which has resisted cyber security regulations in favor of a voluntary system they say is more nimble.
“The Biden Administration is taking further action to better secure our nation’s critical infrastructure,” the
Now, in the wake of the attack that shuttered the
“This TSA security directive is a major step in the right direction towards ensuring that pipeline operators are taking cybersecurity seriously and reporting any incidents immediately,” Representative
Despite the Colonial incident, which paralyzed a critical supply of gasoline and other refined products to New York and other cities along the East Coast leading to fuel shortages, the energy and pipeline industry remains wary about new regulations, which they fear could be overly prescriptive and too rigid to adapt to the rapidly changing digital threats.
“We want TSA to get right anything they plan to do,” said
--With assistance from
To contact the reporter on this story:
To contact the editors responsible for this story:
© 2021 Bloomberg L.P. All rights reserved. Used with permission.