DHS to require pipeline companies to report cyberattacks

DHS to require pipeline companies to report cyberattacks
© Courtesy Colonial Pipeline

The Department of Homeland Security (DHS) will issue a directive later this week requiring all pipeline companies to report cyber incidents to federal authorities after a devastating ransomware attack on Colonial Pipeline forced a shutdown of operations.

The Washington Post first reported that DHS’s Transportation Security Administration (TSA), which is responsible for securing critical pipelines, will issue the directive this week following concerns that pipeline operators are not required to report cyber incidents, unlike other critical infrastructure sectors.

A spokesperson for DHS told The Hill in an emailed statement Tuesday that “the Biden administration is taking further action to better secure our nation’s critical infrastructure,” with TSA and the federal Cybersecurity and Infrastructure Security Agency (CISA) working together on the issue.


“TSA, in close collaboration with CISA, is coordinating with companies in the pipeline sector to ensure they are taking all necessary steps to increase their resilience to cyber threats and secure their systems. We will release additional details in the days ahead,” the spokesperson said.

Both TSA and CISA declined to comment on the directive, pointing to DHS for details.

According to The Post, companies will be required to report incidents to both TSA and CISA as well as designate an official with the ability to contact both agencies in order to report a cyberattack.

“This is a first step, and the department views it as a first step, and it will be followed by a much more robust directive that puts in place meaningful requirements that are meant to be durable and flexible as technology changes,” a senior DHS official told the Post.

The directive comes two weeks after a cyber criminal group that President BidenJoe BidenSouth Africa health minister calls travel bans over new COVID variant 'unjustified' Biden attends tree lighting ceremony after day out in Nantucket Senior US diplomat visiting Southeast Asia to 'reaffirm' relations MORE said was likely based in Russia used the “DarkSide” ransomware variant to compromise Colonial Pipeline’s IT systems. Colonial, the supplier of 45 percent of the East Coast’s fuel, chose to shut down pipelines to protect its operational systems, causing fuel shortages in multiple states.

While the electric sector and other critical infrastructure groups have mandatory cybersecurity standards, the pipeline industry does not. Federal officials are increasingly calling for cybersecurity mandates for the pipeline sector following the Colonial Pipeline attack.

When asked about potential mandatory standards, Homeland Security Secretary Alejandro MayorkasAlejandro MayorkasButtigieg has high name recognition, favorability rating in Biden Cabinet: survey Meet Ayelet Shaked, Israel's polarizing and powerful Interior minister Watch live: DHS secretary testifies on border security MORE told reporters at the White House earlier this month that the administration was discussing the idea of some further oversight.

“Our conversations within the administration are ongoing and have been underway with respect to what measures we need to take both administratively and of course in a companion effort in the legislature to see how we can raise the cyber hygiene across the country,” Mayorkas said.

In addition, the Biden administration launched a 100-day initiative in April to secure the electric sector against cyberattacks, with initiatives also planned to secure other critical sectors including the oil and gas industry.

House Homeland Security Committee Chairman Bennie ThompsonBennie Gordon ThompsonJan. 6 panel faces double-edged sword with Alex Jones, Roger Stone Jan. 6 panel subpoenas Proud Boys, Oath Keepers and leaders Jan. 6 panel subpoenas Roger Stone, Alex Jones MORE (D-Miss.) on Tuesday applauded the upcoming directive. 

“While the Colonial Pipeline attack shows there is much more work to be done to protect the nation’s pipelines and other critical infrastructure from cyber attacks, this TSA security directive is a major step in the right direction towards ensuring that pipeline operators are taking cybersecurity seriously and reporting any incidents immediately,” Thompson said in a statement. 

“While Congress will continue its oversight of TSA’s pipeline security efforts, TSA – with its twenty years of experience – will remain the Federal entity responsible for pipeline security with the authorities to mandate security requirements,” he added.