The Department of Homeland Security (DHS) is set to release cybersecurity regulations for pipeline companies in response to a ransomware attack on Colonial Pipeline that resulted in fuel shortages in the southeastern U.S., The Washington Post reported Tuesday.
The Transportation Security Administration (TSA) at DHS will issue this week a directive that would require pipeline operators to report cyber incidents to TSA and the Cybersecurity and Infrastructure Security Agency (CISA). Another set of mandatory requirements is expected in the coming weeks meant to help companies protect their systems from cyberattacks and respond to breaches, according to senior DHS officials.
“The Biden administration is taking further action to better secure our nation’s critical infrastructure,” Sarah Peck, a spokeswoman for DHS, said in a statement. “TSA, in close collaboration with CISA, is coordinating with companies in the pipeline sector to ensure they are taking all necessary steps to increase their resilience to cyber threats and secure their systems.”
TSA’s first measure will direct pipeline companies to assign a cyber official responsible for reporting attacks to TSA and CISA through a direct line and assess the cybersecurity posture of their systems against current cyber guidelines.
“This is the first step, and the department views it as a first step, and it will be followed by a much more robust directive that puts in place meaningful requirements that are meant to be durable and flexible as technology changes,” said a senior DHS official.
The officials said the new directives may impose financial penalties should companies fail to address problems and shortcomings.
If you want to know more about the latest updates about the Cybersecurity Maturity Model Certification, then check out Potomac Officers Club's CMMC Forum coming up on June 16. To register for this virtual forum and view other upcoming events, visit the POC Events page.