DHS to mandate pipeline companies report cybersecurity breaches
The Department of Homeland Security plans to issue a "security directive" in the coming days that would require pipeline companies to report cyberattacks to the federal government, a shift from the current system of voluntary reporting, according to a source familiar with the plans.
Posted — UpdatedThe plan to further regulate the pipeline industry comes about two weeks after Colonial Pipeline was hit with a paralyzing ransomware attack that led the company to halt operations at one of America's most important pipelines, causing gas shortages in the Southeast.
"The Biden administration is taking further action to better secure our nation's critical infrastructure. TSA, in close collaboration with (Cybersecurity and Infrastructure Security Agency), is coordinating with companies in the pipeline sector to ensure they are taking all necessary steps to increase their resilience to cyber threats and secure their systems. We will release additional details in the days ahead," DHS spokeswoman Sarah Peck said.
The directive will be issued by the Transportation Security Administration, which is the lead federal agency for transportation security, including hazardous material and pipeline security.
It is still in the works and not finalized, the source said, adding that this would be the first step as the department continues to work on a more muscular proposal to enhance pipeline security.
The proposal was first reported by The Washington Post.
Currently, pipeline operators adhere to TSA security guidelines and report cybersecurity incidents on a voluntary basis.
House Homeland Security Committee Chairman, Rep. Bennie Thompson, a Mississippi Democrat, called the move a "major step in the right direction."
"While the Colonial Pipeline attack shows there is much more work to be done to protect the nation's pipelines and other critical infrastructure from cyber attacks, this TSA security directive is a major step in the right direction towards ensuring that pipeline operators are taking cybersecurity seriously and reporting any incidents immediately," he said in a statement.
TSA will remain the "federal entity responsible for pipeline security with the authorities to mandate security requirements," Thompson said.
This story is breaking and will be updated.
Copyright 2024 by Cable News Network, Inc., a Time Warner Company. All rights reserved.
