New DHS rules for pipeline security

The U.S. Department of Homeland Security’s Transportation Security Administration (TSA) announced a new security directive designed to help pipeline companies secure their networks from cyber attacks.

“The cybersecurity landscape is constantly evolving and we must adapt to address new and emerging threats,” said Secretary of Homeland Security Alejandro N. Mayorkas. “The recent ransomware attack on a major petroleum pipeline demonstrates that the cybersecurity of pipeline systems is critical to our homeland security. DHS will continue to work closely with our private sector partners to support their operations and increase the resilience of our nation’s critical infrastructure.”

The new rules will require critical pipeline owners and operators to report confirmed and potential cybersecurity incidents to the DHS Cybersecurity and Infrastructure Security Agency (CISA) and to designate a cybersecurity coordinator to be available 24 hours a day, seven days a week.

The new rules will also require pipeline owners and operators to review their current practices and to identify any gaps and related remediation measures to address cyber-related risks. The pipeline operators have 30 days to report their results to the TSA and the CISA within 30 days.

The TSA is also considering follow on measures that will allow the pipeline industry to enhance its cybersecurity. CISA provides cybersecurity resources to mitigate risks, including a dedicated hub that disseminates information to organizations, communities and individuals about how to protect from ransomware attacks.

Last December, the U.S. Congress gave CISA the power to secure federal civilian government networks and oversight over critical energy infrastructure from physical and cyber threats.