Following the Colonial Pipeline ransomware attack that led to fuel shortages in parts of the US, the federal plans to impose mandatory cybersecurity regulation on the pipeline industry for the primary time. consistent with The Wall Street Journal, the Department of Homeland Security and Transportation Security Administration (the same TSA that decides if you’ll board a plane or not) will soon require pipelines to notify federal authorities once they fall victim to hackers.
They’ll got to inform both the TSA and therefore the Cybersecurity and Infrastructure Security Agency (CISA) of any incidents and use a cybersecurity official with a 24/7 direct line to those units. They’ll even have to check their systems for vulnerabilities. consistent with The Washington Post, the TSA will issue “more robust” rules detailing how pipeline companies should secure their networks and answer hacks “in the approaching weeks.”
“This may be a initiative, and therefore the department views it as a primary step, and it’ll be followed by a way more robust directive that puts in situ meaningful requirements that are meant to be durable and versatile as technology changes,” a Department of Homeland Security official told The Washington Post. Pipeline security fell under TSA jurisdiction in 2002 as a byproduct of the September 11th terror attacks in 2001.
For the foremost part, the agency has focused its attention on protecting pipelines from physical threats like terror attacks. It only issued its first set of cybersecurity guidelines in 2010, and even then, those were only voluntary. That’s not uncommon within the US. Most industries that oversee critical infrastructure, including projects like dams, do not have mandatory standards they’re required to stick to by the govt.
President Biden recently signed a executive order that touched on a number of those issues. Where things get tricky is that cybersecurity isn’t necessarily a strength of the TSA. In 2019, the agency testified it only had five employees trained to handle cybersecurity audits and enforcement. The Department of Homeland Security plans to rent more staff across both the TSA and CISA and instruct the 2 units to figure together on enforcement.