Pipeline security
New Pipeline Cybersecurity Rules Kept Under Wraps
Details of the Transportation Security Administration’s second set of cybersecurity rules for pipeline companies will be kept on a need-to-know basis, according to a Department of Homeland Security spokesperson.
While not much is known about the new directive, DHS said in a press release that it will mandate owners and operators of TSA-designated critical pipelines to implement various protections against cyber intrusions.
DHS Secretary Alejandro Mayorkas believes that the rules will ensure that pipeline companies are able to safeguard their operations from rising cyber threats and promote national and economic security, Nextgov reported Tuesday.
An initial directive was issued by the DHS and will remain in effect through May 28, 2022.
The first set of rules mandates pipeline companies to report confirmed and potential cybersecurity incidents to the Cybersecurity and Infrastructure Security Agency, such as unauthorized system access, malicious software detection, denial-of-service attacks and physical attacks on network infrastructure.
Pipeline owners and operators are also instructed to identify any cyber-related gaps and designate readily available primary and alternate cybersecurity coordinators at the corporate level.
DHS issued the regulations in the wake of the Darkside ransomware attack directed at Colonial Pipeline. The oil distributor was targeted on May 7 and was forced to shut down temporarily for more than a week, affecting its customers in Texas, New Jersey, Louisiana, Mississippi, Alabama, Georgia, South Carolina, Tennessee, Virginia and Pennsylvania.
Category: Cybersecurity