US to require energy pipelines report computer hacks within 12 hours or face fines
Energy pipeline companies will have to report cybersecurity incidents to the US government under a new directive that will be announced by the
Transportation Security Administration (TSA) on Thursday, senior government officials said.
The officials, who asked to remain unidentified, said the directive will impose fines on pipeline companies that fail to report incidents within 12 hours and mandate that the pipeline companies designated a cybersecurity coordinator to report incidents and coordinate with the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA).
For the latest headlines, follow our Google News channel online or via the app.
“This is the first time there’s mandatory reporting of cybersecurity incidents,” said one of the four senior officials that spoke to journalists ahead of the directive’s unveiling.
The new directive comes after hackers earlier this month carried out a ransomware attack on the Colonial Pipeline Co, the United States’ biggest fuel pipeline system, that caused supply disruptions, price spikes and panic buying across the East Coast earlier this month.
Holding tanks are seen at Colonial Pipeline’s Linden Junction Tank Farm in Woodbridge, New Jersey, US. (Reuters)
The directive was first reported by The Washington Post earlier this week.
The hackers, alleged to be operating out of Russia, held Colonial Pipeline’s computer network hostage and successfully extorted millions of dollars in digital currency. The incident has bumped the cybersecurity of critical infrastructure to the top of the national agenda.
The US government has traditionally relied on private industry to flag hacks to officials, but is shifting toward mandatory reporting amid a number of major intrusions.
Similar mandates might appear in other industries. Speaking Wednesday, the officials said the new pipeline mandate is being eyed as a potential model for other sectors as well.
Read more: Oil prices gain after cyberattack forces shutdown of Colonial Pipeline in US
Also Read
-
Servers of Colonial Pipeline hacker Darkside forced down, says cyber security firm
Servers for Darkside were taken down by unknown actors on Friday, a week after the cyber extortionist forced the shutdown of a large US oil pipeline ... Technology -
Colonial Pipeline paid alleged DarkSide hackers $5 mln in ransom: Bloomberg News
Colonial Pipeline paid nearly $5 million to Eastern European hackers on Friday after a crippling cyberattack that shut the largest fuel pipeline ... Energy -
Fuel shortages in US worsen on sixth day of Colonial Pipeline outage
Fuel shortages worsened in the southeastern United States on Wednesday, as the shutdown of the largest US fuel pipeline network entered its sixth day ... Energy -
US declines to advise Colonial Pipeline whether to pay ransom to hackers
A top White House national security official declined to give advice on Monday whether operators of the Colonial Pipeline should pay ransom to hackers ... Energy
