The Transportation Security Administration (TSA) will release a new security directive, the first of two, to require pipeline operators to reveal when they’ve been the target of an attack, The Wall Street Journal reported.
Expected this week, the directive will also require every company to pick someone to be the go-to person for cybersecurity issues. This is considered to be the first step in a detailed program from the Biden administration to boost security for the 2.5 million miles of U.S. pipelines. The impetus for the tighter regulations was the Colonial Pipeline cyberattack that occurred earlier this month.
There has been an increase in attacks against the infrastructure the nation relies upon for things like fuel, electricity, water and more.
Step two of the program will be “more muscular,” and will force pipeline operators to take action toward making their systems more ironclad against future attacks.
The TSA created a pipeline security guide years ago, but complying with it was voluntary. The electric power industry, however, has had rock-solid physical security standards that have come with penalties. The goal of the Biden administration is to put “effective, enforceable regulation, not create a check-the-box exercise.”
WSJ writes that the industry is likely to bristle against these regulations, and the American Petroleum Institute expressed opposition to new guidelines even after the Colonial Pipeline attack.
It was reported recently that Colonial Pipeline had paid $5 million in a ransom deal to get its tech back online, according to an official speaking anonymously.
Press Secretary Jen Psaki maintained that it was still the government’s position not to give into the demands of hackers, and no one in the government would openly confirm that the ransom was paid.
The hacking of the pipeline, done by a criminal group called DarkSide, managed to shut down 5,500 miles of pipeline.