Colonial Pipeline storage tanks in Woodbridge, N.J., on May 10. A ransomware attack on Colonial shut down a major fuel conduit for nearly a week in May.
Photo: Ted Shaffrey/Associated Press
WASHINGTON—The Biden administration on Tuesday issued new cybersecurity requirements for U.S. pipeline operators intended to help guard against ransomware and other forms of disruptive hacking, a move that comes months after a Russia-based criminal hacking group forced a major fuel conduit on the East Coast to shut down for nearly a week.
The Transportation Security Administration directive is the first of its kind to mandate certain pipeline operators designated by the federal government as critical to adopt specific cybersecurity standards. It follows an earlier TSA directive in May that required pipelines to notify federal authorities when they are targets or victims of cyberattacks.
“The lives and livelihoods of the American people depend on our collective ability to protect our nation’s critical infrastructure from evolving threats,” Homeland Security Secretary Alejandro Mayorkas said in a statement. “Through this security directive, DHS can better ensure the pipeline sector takes the steps necessary to safeguard their operations from rising cyber threats, and better protect our national and economic security.”
Biden administration officials didn’t make the text of the directive immediately available. In a statement, DHS said it would require owners and operators of TSA-designated critical pipelines to “implement specific mitigation measures to protect against ransomware attacks and other known threats” and to provide for recovery plans.
Critical infrastructure cybersecurity grew as an area of concern for Biden administration officials following the Colonial Pipeline ransomware attack in May.
Write to Dustin Volz at [email protected]
Copyright ©2021 Dow Jones & Company, Inc. All Rights Reserved. 87990cbe856818d5eddac44c7b1cdeb8
