US announces new cybersecurity requirements for owners of critical pipelines
WASHINGTON, July 20 (Reuters) – The Department of Homeland Security on Tuesday called on owners and operators of critical pipelines that transport dangerous liquids and natural gas to implement “the urgently needed protections against cyber intrusions.”
It was the second security directive issued by the department’s Transportation Security Administration since May, after a colonial pipeline hack disrupted fuel supplies in the southeastern United States for days.
The department said the action was in response to “the continuing cybersecurity threat to pipeline systems.”
“The lives and livelihoods of the American people depend on our collective ability to protect our nation’s critical infrastructure against evolving threats,” Homeland Security Secretary Alejandro N. Mayorkas said in the statement.
The Security Directive requires TSA-designated critical pipelines to take certain mitigating measures to protect against ransomware attacks and other known threats to information technology and operational technology systems, implement a cybersecurity contingency and recovery plan and conduct a cybersecurity architecture design review, DHS said.
A ransomware attack forced Colonial Pipeline, which connects Texas to New Jersey, to shut down much of its network for several days in May, leaving thousands of gas stations in the Southeastern United States without fuel.
The shutdown of the 5,500-mile (8,900 km) system was the most disruptive cyberattack on record, preventing millions of barrels of gasoline, diesel and jet fuel from flowing to the east coast from the Gulf Coast .
Reporting by Doina Chiacu; edited by Louise Heavens and Nick Zieminski
Our standards: Thomson Reuters Trust Principles.