US pipelines ordered to increase cyber defenses after attack

WASHINGTON (AP) – U.S. pipeline operators will be required to conduct a cybersecurity assessment for the first time under a directive from the Biden administration in response to the ransomware attack that disrupted gas supplies in multiple states this month.

The Transportation Security Administration directive to be issued Thursday will also require owners and operators of the nation’s pipelines to report any cyber incidents to the federal government and have a cyber security coordinator available at all times to work with the authorities in case of an attack like the one above. that Colonial Pipeline closed.

Pipeline companies, which until now operated under voluntary guidelines, could face financial penalties starting at $ 7,000 per day if they fail to comply with a security directive that reflects a management focus on cybersecurity prior to the May attack on Colonial. , Senior Department of Homeland Security. officials said.

“The evolution of ransomware attacks in the last 12 to 18 months has reached a point where it represents a risk to national security and we are concerned about the impact on critical national functions,” said one of the officials, speaking about the condition of anonymity to discuss the details of the regulation before the formal launch.

Crime syndicates, often based in Russia or elsewhere in Eastern Europe, have unleashed a wave of ransomware attacks in which they encode a target’s data with encryption and demand a ransom. Victims have included state and local governments, hospitals and medical researchers, and businesses large and small, leaving some victims unable to perform even routine operations.

The Colonial Pipeline attack led the company to shut down a system that delivers approximately 45% of the gasoline consumed on the East Coast for about a week. It led to panic and shortage purchases at gas stations from Washington, DC to Florida.

It emerged in Congress Wednesday when DHS Secretary Alejandro Mayorkas outlined the agency’s budget next year to the subcommittee on national security of the House Appropriations Committee.

“The Colonial Pipeline violation, in particular, was a wake-up call for many Americans about how malicious cyber attackers, often backed by foreign states, can disrupt the US economy and all of our lives,” said the representative. Lucille Roybal-Allard, D-Calif., The Panel Chair.

Alpharetta, Georgia-based Colonial Pipeline later revealed that it paid a $ 4.4 million ransom to regain access to its data from the gang of hackers, linked by the FBI to a Russian-speaking criminal syndicate known as DarkSide.

The episode exposed the threat to the more than 4.4 million kilometers (2.7 million miles) of pipelines used to transport oil, other liquids, and natural gas across the United States.

The TSA is responsible for the physical security and cybersecurity of this network and has worked with the owners and operators, some 100 companies in total, to develop the voluntary guidelines and conduct on-site assessments. Lawmakers and experts have criticized the industry’s safety standards.

DHS, under Mayorkas, launched a “60-day sprint” to focus the agency on the ransomware threat weeks before the Colonial Pipeline hack was made public on May 7. The directive aims to address the issues that arose in the response that may have allowed the hack to occur in the first place.

The owners of the pipelines must carry out the evaluation within 30 days. They will have to show how their processes align with the voluntary guidelines, identify the gaps and provide a plan to address them, officials said.

Operators must first report any cybersecurity incident to the Infrastructure and Cybersecurity Security Agency, another component of DHS. Companies have been reluctant to report violations in the past for a variety of reasons, including embarrassment and concern that they could expose themselves to legal liability.

Pipeline companies will also need to designate a cybersecurity coordinator who will be on duty 24 hours a day, seven days a week to work with TSA and CISA in the event of a breach such as Colonial Pipeline.

Sign up for daily newsletters

Copyright © 2021 The Washington Times, LLC.

Add Comment