DHS to issue first cybersecurity regulations for pipelines after Colonial hack

Ellen Nakashima and Lori Aratani

The Department of Homeland Security is moving to regulate cybersecurity in the pipeline industry for the first time in an effort to prevent a repeat of a major computer attack that crippled nearly half the East Coast’s fuel supply this month — an incident that highlighted the vulnerability of critical infrastructure to online attacks.

The Transportation Security Administration, a DHS unit, will issue a security directive this week requiring pipeline companies to report cyber incidents to federal authorities, senior DHS officials said. It will follow up in coming weeks with a more robust set of mandatory rules for how pipeline companies must safeguard their systems against cyberattacks and the steps they should take if they are hacked, the officials said. The agency has offered only voluntary guidelines in the past.

The ransomware attack that led Colonial Pipeline to shutter its pipeline for 11 days this month prompted gasolineshortages and panic buying in the southeastern United States, including in the nation’s capital. Had it gone on much longer, it could have affected airlines, mass transit and chemical refineries that rely on diesel fuel. Colonial’s chief executive has said the company paid $4.4 million to foreign hackers to release its systems.

Click here to read more of this Washington Post article by Ellen Nakashima and Lori Aratani.