DHS Unveils New Cybersecurity Requirements for Pipelines
May 27, 2021 – Article posted on Bankinfosecurity
The Department of Homeland Security (DHS) has issued a cybersecurity directive that requires the operators of oil and gas pipelines to report ransomware attacks and other security incidents to the government.
The new cybersecurity mandates, which will replace some voluntary guidelines that had been in place for a decade, were announced Thursday in the wake of a May 7 ransomware attack that led Colonial Pipeline Co. to temporarily shut down its pipeline serving the East Coast, triggering fuel shortages in several states.
The security directive, which will be enforced by the Transportation Security Administration and the Cybersecurity and Infrastructure Security Agency, requires companies that own or operate oil and gas pipelines to report any security incidents, as well as potential threats, to DHS. It also requires the firms to have a dedicated “cybersecurity coordinator” available around the clock.
Bryan Orme, principal and partner at cybersecurity firm GuidePoint Security, says that while incident reporting rules and mandatory guidelines will not necessarily lead to better security, the emphasis on cybersecurity should at least bring more attention to the issue.
Read More HERE.