DHS will reportedly introduce the US's first cybersecurity regulations after the Colonial Pipeline hack revealed the fragility of American infrastructure

Advertisement
DHS will reportedly introduce the US's first cybersecurity regulations after the Colonial Pipeline hack revealed the fragility of American infrastructure
A woman fills gas cans at a Speedway gas station on May 12, 2021 in Benson, North Carolina. Americans panic-bought fuel after the Colonial Pipeline shutdown caused shortages in the southeast.Photo by Sean Rayford/Getty Images
  • The Department of Homeland Security will require pipeline companies to report cyberattacks.
  • More mandatory rules will be announced soon - the agency has offered only voluntary guidance in the past.
  • The Colonial Pipeline hack highlighted the country's need to safeguard its defense against cyberthreats.
Advertisement

US officials will introduce the country's first pipeline cybersecurity regulations after hackers attacked the country's largest oil pipeline earlier this month, causing a massive outage, The Washington Post reported Tuesday.

Unnamed officials at the Department of Homeland Security told the paper that the agency, through its Transportation Security Administration subsidiary, will issue a new directive this week requiring pipeline companies to report incidents of cyber vulnerabilities to officials. The new rules may also require companies to appoint a cyber official to have around-the-clock contact with federal authorities.

More regulations will be announced in the coming weeks for companies in an effort to ensure the safety of the industry's online infrastructure, the report said.

Complimentary Tech Event
Transform talent with learning that works
Capability development is critical for businesses who want to push the envelope of innovation.Discover how business leaders are strategizing around building talent capabilities and empowering employee transformation.Know More

As the Post notes, DHS has historically issued only voluntary guidance on cyber safety, but these new rules will be mandatory. Other sectors involving things like health care and wastewater processes also don't typically implement required cyber guidelines.

DHS did not immediately respond to Insider's request for comment.

Advertisement

An agency spokesperson told the Post that "TSA, in close collaboration with [the Cybersecurity and Infrastructure Security Agency,] is coordinating with companies in the pipeline sector to ensure they are taking all necessary steps to increase their resilience to cyberthreats and secure their systems."

Read more: A strategist who timed the March 2020 market bottom for a $32 billion money manager breaks down 2 ways investors can capitalize on the Colonial Pipeline attack

Colonial Pipeline, which operates the country's largest oil pipelines, was hit with a ransomware cyberattack in mid-May, and the company was forced to halt its operations temporarily. The 11-day shutdown resulted in supply issues in the southeast, as people took to panic-buying and hoarding gas. The hack also reignited conversations about how to safeguard the country's energy infrastructure.

Colonial's CEO said the company paid a $4.4 million ransom to foreign cyber hackers on May 7 so they would relinquish control of the systems. The FBI discourages companies from bowing to ransom requests, but many still do.

{{}}