DHS Announces New Cybersecurity Requirements for Critical Pipeline Owners and Operators

As of yesterday, May 27th 2021, the Department of Homeland Security’s Transportation Security Agency has announced the first Security Directive regarding cybersecurity in the pipeline industry. The purpose of this directive serves to “better identify, protect against, and respond to threats to critical companies in the pipeline sector.” These new regulations will strengthen the US energy infrastructure network amidst surging cyber threats. At all costs, we must ensure energy can be safely and efficiently transported from the field to end users.

As the recent ransomware cyberattack on the Colonial Pipeline highlighted, American consumers heavily rely on the infrastructure responsible for the safe and efficient transportation of fuel and other energy resources. After Colonial was compromised, nearly half of the East Coast’s fuel supply was jeopardized. If the dilemma would have lasted longer than its 11-day stint, it would have affected airlines, mass transit and chemical refineries that rely on diesel fuel. This vast lack of resources would position the US in an extremely vulnerable position. Not only are Americans reliant upon pipeline success, but the overall security of our nation is contingent upon our energy independence that is bolstered largely through our pipeline network. 

For DHS to support private sector partners in pursuit of increased energy resiliency, the Security Directive “will require critical pipeline owners and operators to report confirmed and potential cybersecurity incidents to the DHS Cybersecurity and Infrastructure Security Agency (CISA) and to designate a Cybersecurity Coordinator, to be available 24 hours a day, seven days a week.” Moreover, pipeline owners and operators must review their current practices to ensure cyber-related risks have been optimally mitigated. In the following month, there will be a robust, extensive set of mandatory rules for pipeline owners and operators to employ to prevent future cyberattacks, as well as the steps to take in the wake of a catastrophe as such.

Through this Security Directive, DHS has made clear the importance of eliminating cyberattacks to our nation’s crucial pipeline network. If our energy infrastructure were to be compromised, the US would suffer in more ways than one. A strong partnership between the private sector and the federal government will be key to protecting our nation’s critical infrastructure network.