The Biden administration has announced that it will require the nation’s leading pipeline companies to disclose any significant cyberattacks to the government.
Companies aren’t currently required to report cyberattacks, meaning experts don’t have a clear picture of how vulnerable the industry is to hackers. Earlier this month, the repercussions of a cyberattack on a pipeline were on full display after the Colonial Pipeline was hit by one. The incident led to panic and fuel shortages across nearly half of the East Coast.
Alejandros N. Mayorkas, the secretary of homeland security, said Thursday morning that the Colonial Pipeline case showed “that the cybersecurity of pipeline systems is critical to our homeland security.”
"Ransomware, which is primarily criminal and profit-driven, can rise to the level of posing a national security risk and disrupt national critical functions," he said.
New security directive
In addition to requiring major pipeline companies to report cyberattacks, the Biden administration’s new directive calls for the creation of 24-hour emergency centers focused on heading off these threats if they do occur.
A cybersecurity coordinator will be designated to coordinate with both the Transportation Security Administration (TSA) -- which was tasked with controlling pipeline security post-September 11, 2001 -- and the Cybersecurity and Infrastructure Security Agency (CISA) in the event of a cyber attack. The New York Times noted that it’s unclear “what that employee would be empowered to do other than raise an alarm.”
The order also requires pipeline companies to “identify any gaps and related remediation measures to address cyber-related risks” and report them to the TSA and CISA within the next 30 days.
Homeland Security officials added that they will “continue to work closely with our private-sector partners to support their operations and increase the resilience of our nation’s critical infrastructure.”