Actionable insights straight to your inbox

Equities logo

Homeland Security Orders Critical Pipeline Operators To Implement ‘Urgently Needed’ Cyber Protections

DHS said it would mandate federally designated critical pipelines to implement “specific mitigation measures” to better protect their infrastructure (Image source: Colonial Pipeline)

Video source: YouTube, 10 Tampa Bay

The US Department of Homeland Security (DHS) announced Tuesday that owners and operators of “critical pipelines” that transport hazardous liquids and natural gas will be required to implement “urgently needed protections against cyber intrusions.”

The new security directive follows a May ransomware attack on Colonial Pipeline Co that disrupted gas delivery across the East Coast and aims to limit the chances of similar hacks in the future.

In a statement, DHS said it would mandate federally designated critical pipelines to implement “specific mitigation measures” to better protect the infrastructure. Pipelines must also develop contingency plans and conduct what the department calls a “cybersecurity architecture design review.” 

"The lives and livelihoods of the American people depend on our collective ability to protect our nation’s critical infrastructure from evolving threat," Secretary of Homeland Security Alejandro Mayorkas said in a statement. "Through this security directive, DHS can better ensure the pipeline sector takes the steps necessary to safeguard their operations from rising cyber threats, and better protect our national and economic security."

It marks the department’s second security directive since Colonial Pipeline, which provides 45% of the East Coast’s fuel supply, was forced to shut down its pipeline for almost a week

The new directive is the latest response by the Biden administration to a spate of cyberattacks on critical infrastructure in the US. 

The President has repeatedly accused Russia of providing a safe haven to cyber gangs, like the one linked to the Colonial Pipeline attack, and imposed sanctions for a range of activities including hacking.  

The US and key allies also accused China of complicity in a massive hack of Microsoft Corporation’s Exchange email server software earlier this year. 

Both China and Russia have denied involvement in cyberattacks targeting the US.

Following the Colonial Pipeline attack, the company paid hackers a $4.4 million ransom to restore system access, most of which was recovered by the Justice Department

According to The Wall Street Journal, Colonial Pipeline chief executive officer James Blount authorized the sum to be paid on the day of the attack, a decision he described as “highly controversial” but the “right thing to do for the country.” 

_____

Source: Equities News

A weekly five-point roundup of critical events in fintech, the future of finance and the next wave of banking industry transformation.