U.S. to issue first cybersecurity regulations after Colonial Pipeline ransomware attack
The Department of Homeland Security (DHS) will issue a directive later this week requiring all pipeline companies to report cybersecurity incidents to federal authorities. The directive comes two weeks after Colonial Pipeline, which operates the biggest gasoline conduit to the East Coast, was forced to shut down its 5,500-mile pipeline after a devastating ransomware attack.
The Washington Post first reported that DHS's Transportation Security Administration (TSA) will be issuing the directive this week. A spokesperson for DHS told The Hill in an emailed statement Tuesday that “the Biden administration is taking further action to better secure our nation’s critical infrastructure,” with TSA and the federal Cybersecurity and Infrastructure Security Agency (CISA) working together on the issue. It will follow up in coming weeks with strict rules for how pipeline companies must safeguard their systems against cyberattacks and the steps they should take if they are hacked, the officials said.