US DHS issues new cybersecurity rules for critical pipeline owners
Join Our Newsletter - Get important industry news and analysis sent to your inbox – sign up to our e-Newsletter here

US issues new cybersecurity directives for critical pipeline operators

21 Jul 2021 (Last Updated July 21st, 2021 11:55)

The new rules require operators to implement cybersecurity contingency and recovery plan and conduct architecture design review.

The US Department of Homeland Security (DHS) has issued a new cybersecurity directive for critical pipeline owners after a major ransomware attack in May 2021.

This is the second guideline issued by the US administration after a ransomware attack triggered the closure of Colonial Pipeline’s network that disrupted gas supplies across the south-eastern US for days.

The cyberattack led to the closure of the 5,500-mile pipeline system, preventing the supply of millions of barrels of gasoline, diesel and jet fuel.

The new directive requires owners of the Transportation Security Administration (TSA)-designated critical pipelines to implement specific mitigation measures to protect their information technology and operational technology systems.

These measures include developing and implementing a cybersecurity contingency and recovery plan, as well as undertaking cybersecurity architecture design review.

Homeland Security secretary Alejandro N Mayorkas said: “Through this security directive, DHS can better ensure the pipeline sector takes the steps necessary to safeguard their operations from rising cyber threats, and better protect our national and economic security.

“Public-private partnerships are critical to the security of every community across our country and DHS will continue working closely with our private sector partners to support their operations and increase their cybersecurity resilience.”

The TSA issued first Security Directive in May 2021 soon after the attack on Colonial Pipeline’ network.

TSA said it is working closely with Department’s Cybersecurity and Infrastructure Security Agency (CISA) to enhance the physical security preparedness of pipeline systems in the country.