DHS to require pipeline companies to report cyberattacks

DHS to require pipeline companies to report cyberattacks
© Courtesy Colonial Pipeline

The Department of Homeland Security (DHS) will issue a directive later this week requiring all pipeline companies to report cyber incidents to federal authorities after a devastating ransomware attack on Colonial Pipeline forced a shutdown of operations.

The Washington Post first reported that DHS’s Transportation Security Administration (TSA), which is responsible for securing critical pipelines, will issue the directive this week following concerns that pipeline operators are not required to report cyber incidents, unlike other critical infrastructure sectors.

A spokesperson for DHS told The Hill in an emailed statement Tuesday that “the Biden administration is taking further action to better secure our nation’s critical infrastructure,” with TSA and the federal Cybersecurity and Infrastructure Security Agency (CISA) working together on the issue.


“TSA, in close collaboration with CISA, is coordinating with companies in the pipeline sector to ensure they are taking all necessary steps to increase their resilience to cyber threats and secure their systems. We will release additional details in the days ahead,” the spokesperson said.

Both TSA and CISA declined to comment on the directive, pointing to DHS for details.

According to The Post, companies will be required to report incidents to both TSA and CISA as well as designate an official with the ability to contact both agencies in order to report a cyberattack.

“This is a first step, and the department views it as a first step, and it will be followed by a much more robust directive that puts in place meaningful requirements that are meant to be durable and flexible as technology changes,” a senior DHS official told the Post.

The directive comes two weeks after a cyber criminal group that President BidenJoe BidenEx-Biden adviser says Birx told him she hoped election turned out 'a certain way' Cheney rips Arizona election audit: 'It is an effort to subvert democracy' News leaders deal with the post-Trump era MORE said was likely based in Russia used the “DarkSide” ransomware variant to compromise Colonial Pipeline’s IT systems. Colonial, the supplier of 45 percent of the East Coast’s fuel, chose to shut down pipelines to protect its operational systems, causing fuel shortages in multiple states.


While the electric sector and other critical infrastructure groups have mandatory cybersecurity standards, the pipeline industry does not. Federal officials are increasingly calling for cybersecurity mandates for the pipeline sector following the Colonial Pipeline attack.

When asked about potential mandatory standards, Homeland Security Secretary Alejandro MayorkasAlejandro MayorkasDemocrats press ICE, DHS to not re-detain migrants released during pandemic Report: Nearly 4,000 children separated from parents at border under Trump Texas governor to sign bill banning vaccine passports MORE told reporters at the White House earlier this month that the administration was discussing the idea of some further oversight.

“Our conversations within the administration are ongoing and have been underway with respect to what measures we need to take both administratively and of course in a companion effort in the legislature to see how we can raise the cyber hygiene across the country,” Mayorkas said.

In addition, the Biden administration launched a 100-day initiative in April to secure the electric sector against cyberattacks, with initiatives also planned to secure other critical sectors including the oil and gas industry.

House Homeland Security Committee Chairman Bennie ThompsonBennie Gordon ThompsonHillicon Valley: Biden gives TikTok and WeChat a reprieve | Colonial Pipeline CEO addresses Congress again | Thomson Reuters shareholders want review of ICE ties Colonial Pipeline may use recovered ransomware attack funds to boost cybersecurity Democrats debate shape of new Jan. 6 probe MORE (D-Miss.) on Tuesday applauded the upcoming directive. 

“While the Colonial Pipeline attack shows there is much more work to be done to protect the nation’s pipelines and other critical infrastructure from cyber attacks, this TSA security directive is a major step in the right direction towards ensuring that pipeline operators are taking cybersecurity seriously and reporting any incidents immediately,” Thompson said in a statement. 

“While Congress will continue its oversight of TSA’s pipeline security efforts, TSA – with its twenty years of experience – will remain the Federal entity responsible for pipeline security with the authorities to mandate security requirements,” he added.