DHS to Mandate Pipeline Companies Report Cybersecurity Breaches

“The Department of Homeland Security plans to issue a “security directive” in the coming days that would require pipeline companies to report cyberattacks to the federal government, a shift from the current system of voluntary reporting, according to a source familiar with the plans.  

The plan to further regulate the pipeline industry comes about two weeks after Colonial Pipeline was hit with a paralyzing ransomware attack that led the company to halt operations at one of America’s most important pipelines, causing gas shortages in the Southeast.  

“The Biden administration is taking further action to better secure our nation’s critical infrastructure. TSA, in close collaboration with (Cybersecurity and Infrastructure Security Agency), is coordinating with companies in the pipeline sector to ensure they are taking all necessary steps to increase their resilience to cyber threats and secure their systems. We will release additional details in the days ahead,” DHS spokeswoman Sarah Peck said. 

The directive will be issued by the Transportation Security Administration, which is the lead federal agency for transportation security, including hazardous material and pipeline security.  

It is still in the works and not finalized, the source said, adding that this would be the first step as the department continues to work on a more muscular proposal to enhance pipeline security.”


DHS to Mandate Pipeline Companies Report Cybersecurity Breaches