The US Department of Homeland Security (DHS) is expected to issue a directive sometime this week that will require all pipeline companies operating within the US to report any cyberattacks to federal authorities, it was revealed on Tuesday.
The move is being carried out in response to the hack that shuttered Colonial Pipeline operations and triggered a massive shortage in gas supplies along the entire East Coast.
Citing senior DHS sources, The Washington Post reported that the directive will be issued by the agency’s Transportation Security Administration (TSA), and will also see a “robust set of mandatory rules” published afterward that outline how companies should safeguard their IT systems. The forthcoming rules are also expected to stipulate what companies should do in the event of a hacking incident.
The Post, which notes that the agency had previously only offered voluntary guidelines for such instances, further indicated that the upcoming directive will see pipelines report any cyber incidents directly to a “cyber official” who will reportedly have a “24/7 direct line” to TSA authorities, as well as those with the Cybersecurity and Infrastructure Security Agency.
“This is a first step, and the department views it as a first step, and it will be followed by a much more robust directive that puts in place meaningful requirements that are meant to be durable and flexible as technology changes,” an unidentified senior DHS official told the outlet.
Looming regulations will effectively serve as a complete policy shift for federal authorities, as government officials previously relied heavily on working to combat cyberattacks as part of a collaborative initiative.
In a statement to The Hill, US House Homeland Security Committee Chairman Bennie Thompson (D-MS) underscored that the Colonial Pipeline hack highlighted that “there is much more work to be done to protect the nation’s pipelines and other critical infrastructure from cyberattacks.”
“This TSA security directive is a major step in the right direction towards ensuring that pipeline operators are taking cybersecurity seriously and reporting any incidents immediately,” the congressional lawmaker remarked.
The latest development follows earlier statements made by DHS Secretary Alejandro Mayorkas, in which he indicated that the Biden administration would be cooking up a response to the Colonial Pipeline hack that would help officials combat and better address similar issues moving forward.
Colonial Pipeline operations were shuttered for a period of several days in the wake of a ransomware attack, later claimed by the cybercriminal group known as DarkSide. Although reports initially indicated that the pipeline’s operators would not be paying off the hackers, it was later confirmed by Colonial Pipeline CEO Joseph Blount that DarkSide had been paid some $4.4 million.