
Federal Government to Mandate Pipeline Companies Disclose Cyber Breaches
June 7, 2021
Written By Adam Buckallew
The Department of Homeland Security (DHS) is moving forward with mandatory cybersecurity requirements for pipelines following the May ransomware attack that crippled America’s largest pipeline and left thousands of gas stations in the Southeast without fuel.
A directive issued by the Transportation Security Administration (TSA), a unit of DHS, will require pipeline companies to report cybercrime incidents to federal authorities and establishes new requirements for cybersecurity practices and staffing.
TSA is collaborating with another branch of DHS, the Cybersecurity and Infrastructure Security Agency, to “coordinate with companies in the pipeline sector to ensure they are taking all necessary steps to increase their resilience to cyber threats and secure their systems,” the agency said.
The new cybersecurity standards are expected to bring the pipeline industry’s practices in line with other critical infrastructure sectors, such as electrical utilities, that already have mandatory security guidelines and reporting requirements. In the past, pipelines reported cybersecurity incidents on a voluntary basis.