US to support pipeline cyber protections following Colonial hack

After a ransomware attack forced Colonial Pipeline to shut much of its network for several days this month, the Department of Homeland Security (DHS), said on Tuesday that the Biden administration is currently working with pipeline companies to strengthen protections against future attacks, with announcements of actions planned in coming days.

The attack has consequently left thousands of gas stations across the US Southeast without fuel and motorists racing to fill their tanks as the outage laid bare the nation’s reliance on a few key pipelines for fuel needs. 

The Transportation Security Administration (TSA), a unit of the DHS, “is coordinating with companies in the pipeline sector to ensure they are taking all necessary steps to increase their resilience to cyber threats and secure their systems,” the agency said.

The TSA is reportedly collaborating with another branch of DHS, the Cybersecurity and Infrastructure Security Agency.

The closure of the 5,500-mile (8,900-km) system was the most disruptive cyberattack on record, preventing millions of barrels of gasoline, diesel and jet fuel from flowing to the East Coast from the Gulf Coast.

The DHS is reportedly preparing to issue its first mandatory cybersecurity regulations on pipelines, citing senior officials.

TSA has provided voluntary guidelines on cybersecurity for pipelines in the past, with only six full-time employees in its pipeline security branch through 2018. A General Accountability Office report said in 2019 that this is the reason there were limited reviews of cybersecurity practices and so, the agency have since expanded that staff to 34 positions. 

The TSA would require pipeline companies to report cyber incidents to the federal government, senior DHS officials have stated. New rules will require companies to correct any problems and address shortcomings or face fines.

Retail US gasoline prices surged to a seven-year high after the outage. Prices remain elevated from prior to the hack, but have slowly declined from the peak reached just as the line was reopened.

The new regulations were discussed after DHS Secretary Alejandro Mayorkas and other top officials considered how they could use existing TSA powers to bring change to the industry.

Representative Bennie Thompson, Chair of the Homeland Security Committee in the House of Representatives, called the move “a major step in the right direction towards ensuring that pipeline operators are taking cybersecurity seriously and reporting any incidents immediately.”