WASHINGTON—The Department of Homeland Security issued a new security directive for pipeline owners and operators on May 27 after a hack of the Colonial Pipeline disrupted fuel supplies in the southeastern United States for days this month.
“The recent ransomware attack on a major petroleum pipeline demonstrates that the cybersecurity of pipeline systems is critical to our homeland security,” DHS Secretary Alejandro Mayorkas said in a statement.
Owners and operators of critical pipelines will be required to report confirmed and potential cybersecurity incidents to the department’s Cybersecurity and Infrastructure Security Agency (CISA) and designate a cybersecurity coordinator, to be available 24 hours a day, seven days a week, DHS said.
The directive will also require pipeline owners and operators to review current cybersecurity practices and identify any gaps and remediation measures for risks, it said. They must report those results to the Transportation Security Administration, a unit of DHS, and CISA within 30 days.
A ransomware attack forced Colonial Pipeline, which runs from Texas to New Jersey, to shut much of its network for several days earlier this month, leaving thousands of gas stations across the U.S. Southeast without fuel.
Motorists, fearing prolonged shortages, raced to fill their tanks as the outage laid bare the nation’s reliance on a few key pipelines for fuel needs.
The closure of the 5,500-mile system was the most disruptive cyberattack on record, preventing millions of barrels of gasoline, diesel and jet fuel from flowing to the East Coast from the Gulf Coast.
The hackers held Colonial Pipeline’s computer network hostage and successfully extorted millions of dollars in digital currency. The incident has bumped the cybersecurity of critical U.S. infrastructure to the top of the national agenda.
Investigators in the Colonial case say the attack software was distributed by a gang called DarkSide, which includes Russian speakers and avoids hacking targets in the former Soviet Union. U.S. President Joe Biden has said Russia should bear some responsibility since the hacking came from inside its borders.
In the past, the Transportation Security Administration has provided voluntary guidelines on cybersecurity for pipelines.
TSA is considering additional mandatory measures to enhance cybersecurity in the pipeline industry, the DHS statement said.
Recommended Reading
Exclusive: Chevron New Energies' Bayou Bend Strengthens CCUS Growth
2024-02-21 - In this Hart Energy LIVE Exclusive interview, Chris Powers, Chevron New Energies' vice president of CCUS, gives an overview of the company's CCS/CCUS activity and talks about the potential and challenges of it onshore-offshore Bayou Bend project.
Exclusive: Tenaris’ Zanotti: Pipes are a ‘Matter of National Security’
2024-04-12 - COVID-19 showed the world that long supply chains are not reliable, and that if oil is a matter of U.S. national security, then in turn, so is pipe, said Luca Zanotti, U.S. president for steel pipe manufacturer Tenaris at CERAWeek by S&P Global.
Exclusive: As AI Evolves, Energy Evolving With It
2024-02-22 - In this Hart Energy LIVE Exclusive interview, Hart Energy's Jordan Blum asks 4cast's COO Andrew Muñoz about how AI is changing the energy industry—especially in the oilfield.
Exclusive: Liberty CEO Says World Needs to Get 'Energy Sober'
2024-04-02 - More money for the energy transition isn’t meaningfully moving how energy is being produced and fossile fuels will continue to dominate, Liberty Energy Chairman and CEO Christ Wright said.
Chesapeake, Awaiting FTC's OK, Plots Southwestern Integration
2024-04-01 - While the Federal Trade Commission reviews Chesapeake Energy's $7.4 billion deal for Southwestern Energy, the two companies are already aligning organizational design, work practices and processes and data infrastructure while waiting for federal approvals, COO Josh Viets told Hart Energy.