U.S. Homeland Security Pushes New Cybersecurity Rules After Colonial Pipeline Attack
Earlier this year, the Colonial Pipeline ransomware incident crippled fuel delivery to the Eastern Seaboard, sending people into a panic and decreasing the supply of gas, if only briefly. Amazingly, this is only the first time something of this scale has happened, but hopefully, it will be the last. The Department of Homeland Security is now requiring owners and operators of critical pipelines to instate "urgently needed protections against cyber intrusions."
Cyber defense is a crucial part of the world we live in, as "The lives and livelihoods of the American people depend on our collective ability to protect our Nation's critical infrastructure from evolving threats," explains Secretary of Homeland Security Alejandro N. Mayorkas. To accomplish this, today's directive will require pipelines to "implement specific mitigation measures to protect against ransomware attacks and other known threats to information technology and operational technology systems, develop and implement a cybersecurity contingency and recovery plan, and conduct a cybersecurity architecture design review."
This directive comes from the Cybersecurity and Infrastructure Agency which advised the Transportation Security Administration "on cybersecurity threats to the pipeline industry, as well as technical countermeasures to prevent those threats." This follows an earlier directive from May, which required pipeline owners and operators to report any cybersecurity incidents to CISA, have a 24/7 cybersecurity coordinator, review current practices, identify security gaps, and remediations to address risks and then report them to the TSA and CISA under 30 days.
The hope is that, between these two directives, critical pipelines will not be at as high of a risk as in years past. However, this will likely not be enough to secure critical infrastructure from security threats. Much more force is needed, such as creating laws and regulations to force companies to comply or perhaps face significant penalties. Otherwise, the Colonial Pipeline incident could be the first in a long line of disruptive attacks on critical infrastructure.