WASHINGTON — The Biden administration is working with pipeline companies to strengthen protections against cyberattacks following the Colonial Pipeline hack and will announce actions in coming days, the Department of Homeland Security (DHS) said on Tuesday.
The Transportation Security Administration (TSA), a unit of the DHS, “is coordinating with companies in the pipeline sector to ensure they are taking all necessary steps to increase their resilience to cyber threats and secure their systems,” the agency said.
TSA is collaborating with another branch of DHS, the Cybersecurity and Infrastructure Security Agency. DHS said it will release more details “in the days ahead” without providing particulars.
The Washington Post reported DHS is preparing to issue its first mandatory cybersecurity regulations on pipelines, citing senior officials.
In the past TSA has provided voluntary guidelines on cybersecurity for pipelines. The agency only had six full-time employees in its pipeline security branch through 2018, which limited the office’s reviews of cybersecurity practices, a General Accountability Office report said in 2019. The TSA said this month it has since expanded that staff to 34 positions.
The TSA would require pipeline companies to report cyber incidents to the federal government, senior DHS officials told the Post. New rules will require companies to correct any problems and address shortcomings or face fines, the article said.
After a ransomware attack forced Colonial to shut much of its network for 11 days this month, thousands of gas stations across the U.S. Southeast ran out of fuel. Motorists fearing prolonged shortages raced to fill up their cars.
The closure of the 5,500-mile (8,900-km) system was the most disruptive cyberattack on record, preventing millions of barrels of gasoline, diesel and jet fuel from flowing to the East Coast from the Gulf Coast.
The new regulations were discussed after DHS Secretary Alejandro Mayorkas and other top officials considered how they could use existing TSA powers to bring change to the industry, the Post said.
Representative Bennie Thompson, chair of the Homeland Security Committee in the House of Representatives, called the move “a major step in the right direction towards ensuring that pipeline operators are taking cybersecurity seriously and reporting any incidents immediately.”