US has new cyber security rules for pipelines

News
By published

DHS now requires “urgently needed protections against cyber intrusions”

Long pipeline heading toward a mountain range
(Image credit: Shutterstock)

The federal government has launched new regulations requiring owners of critical pipelines that transport hazardous liquids and natural gas to implement “urgently needed protections against cyber intrusions.”

DoJ recovers 'majority' of ransom paid by Colonial Pipeline US pipelines ordered to strengthen cyber defenses Colonial Pipeline CEO confirms $4.4 million payment to DarkSide hackers Ransomware operators in turmoil after Colonial Pipeline backlash

This was the second time since May that the Department of Homeland Security (DHS) issued a cyber security directive aimed at US pipeline operators. It comes in the wake of the Colonial Pipeline hack that disrupted fuel supplies across the southeastern US for days.

DHS said Tuesday’s move was in response to “the ongoing cybersecurity threat to pipeline systems,” Reuters reported.

“The lives and livelihoods of the American people depend on our collective ability to protect our nation’s critical infrastructure from evolving threats,” DHS Secretary Alejandro Mayorkas said.

The security directive requires critical pipelines to take defensive measures to protect themselves from ransomware attacks and other known threats to IT systems. Pipeline owners must also have a cyber security contingency and recovery plan in place.

In an earlier security directive in late May, immediately following the Colonial Pipeline cyber attack, the DHS began requiring US pipeline operators to conduct a cyber security assessment. Until then, American pipeline companies operated under purely voluntary cyber security guidelines.

RELATED RESOURCE

Aberdeen Report: How a platform approach to security monitoring initiatives adds value

Integration, orchestration, analytics, automation, and the need for speed

FREE DOWNLOAD

That late-May directive required pipeline owners and operators to report any cyber incidents to the federal government. They also needed a designated cyber security coordinator available 24/7 to work with authorities in an attack.

When DarkSide hackers attacked Colonial Pipeline, they forced it to shut down 5,500 miles of pipeline between Texas and New York for several days, disrupting the fuel supply to large swaths of the East Coast. The hackers also took 100GB of data from the network before locking computers and extorting the company for a ransom payment.

Colonial’s CEO has confirmed the pipeline company paid $4.4 million to cyber criminals who hit it with the ransomware attack.

Mike Brassfield
More about cyber crime
IoT security concept image showing network symbols on a blue background.

Multichannel attacks are becoming a serious threat for enterprises – and AI is fueling the surge
A hand on a keyboard in a dark room

Cobalt Strike abusers have been dealt a hammer blow: An "aggressive" takedown campaign by Fortra and Microsoft shuttered over 200 malicious domains – and it’s cut the misuse of the tool by 80%
Cybersecurity team members discussing strategy in an open plan office space, with male and female practitioners standing and others sitting at desks.

UK tech firms have a chance to trial a four-day week this year – here's how other pilot schemes fared
See more latest
Most Popular
Cybersecurity team members discussing strategy in an open plan office space, with male and female practitioners standing and others sitting at desks.
UK tech firms have a chance to trial a four-day week this year – here's how other pilot schemes fared
Cyber security concept image showing a digitized padlock sitting on a blue colored circuit board.
LevelBlue launches new partner program that’s “built for the future”
23andMe logo and branding pictured on a sign outside the company headquarters in Sunnyvale, California.
Millions of 23andMe users’ genetic data could be up for grabs – and experts worry it’s a looming privacy nightmare
Microsoft Copilot logo and branding pictured on a smartphone screen.
Microsoft launches new security AI agents to help overworked cyber professionals
Malware Detected Warning Screen with abstract binary code 3d digital concept
Fake file converter tools are on the rise – here’s what you need to know
NetSuite branding pictured at the company's 'SuiteConnect' conference in Westminster, London, England.
NetSuite targets UK customer productivity gains with new AI tools
Oracle logo pictured on the front of the company headquarters in Redwood City, California.
Oracle breach claims spark war of words with security researchers
Klarna CEO Sebastian Siemiatkowski pictured while speaking at the Symposium Stockholm 'Brilliant Minds' technology and music conference in Stockholm, Sweden.
“No, I don't think it is the end of Salesforce”: Klarna CEO clarifies why it stopped using Salesforce – and why he doesn’t think other companies will follow suit
AI chatbot text dialogue boxes in difference colours above a digital circuit board with lines of light emanating from it
Enterprise AI is surging, but is security keeping up?
NHS logo displayed on a smartphone screen in white lettering on a blue background.
DHSC eyes infrastructure overhaul amid £114 million IT spending boost