In light of the recent Colonial Pipeline ransomware attack, the Department of Homeland Security’s (DHS) Transportation Security Administration (TSA) released a new directive requiring all critical pipeline owners and operators to report cyberattacks, DHS announced today.
The directive requires all confirmed and potential cybersecurity incidents to be reported to DHS’s Cybersecurity and Infrastructure Security Agency (CISA). DHS said TSA is considering more mandatory measures to further bolster cybersecurity in the pipeline industry.
“The cybersecurity landscape is constantly evolving, and we must adapt to address new and emerging threats,” DHS Secretary Alejandro Mayorkas said in the release. “The recent ransomware attack on a major petroleum pipeline demonstrates that the cybersecurity of pipeline systems is critical to our homeland security.”
The directive also requires pipeline owners and operators to designate someone as their cybersecurity coordinator, who must be available 24/7. Critical pipeline owners and operators are now on the clock, with 30 days to complete a review of current practices, identify any potential cyber gaps, and report back to TSA and CISA.
“In the face of increasing cyber threats, it is critical that we promote resilience, not only within the Federal government, across public and private sectors in our critical infrastructure systems. The recent ransomware attack on Colonial Pipeline serves as a stark example of this ever-present threat,” Mayorkas told Congress yesterday.
This is a step towards the mandatory reporting CISA is looking for, as acting CISA head Brandon Wales lamented that there is no mandated reporting of cyber incidents. Wales called on Congress to mandate such reporting, but TSA has made the first move while waiting for the passage of such legislation.