U.S. Homeland Security Pushes New Cybersecurity Rules After Colonial Pipeline Attack
Cyber defense is a crucial part of the world we live in, as "The lives and livelihoods of the American people depend on our collective ability to protect our Nation's critical infrastructure from evolving threats," explains Secretary of Homeland Security Alejandro N. Mayorkas. To accomplish this, today's directive will require pipelines to "implement specific mitigation measures to protect against ransomware attacks and other known threats to information technology and operational technology systems, develop and implement a cybersecurity contingency and recovery plan, and conduct a cybersecurity architecture design review."
This directive comes from the Cybersecurity and Infrastructure Agency which advised the Transportation Security Administration "on cybersecurity threats to the pipeline industry, as well as technical countermeasures to prevent those threats." This follows an earlier directive from May, which required pipeline owners and operators to report any cybersecurity incidents to CISA, have a 24/7 cybersecurity coordinator, review current practices, identify security gaps, and remediations to address risks and then report them to the TSA and CISA under 30 days.
The hope is that, between these two directives, critical pipelines will not be at as high of a risk as in years past. However, this will likely not be enough to secure critical infrastructure from security threats. Much more force is needed, such as creating laws and regulations to force companies to comply or perhaps face significant penalties. Otherwise, the Colonial Pipeline incident could be the first in a long line of disruptive attacks on critical infrastructure.