The U.S. Department of Homeland Security (DHS) announced on Tuesday the implementation of a second cybersecurity directive that will require owners and operators of critical pipelines that transport and distribute hazardous liquids and natural gas to bolster cybersecurity in response to the recent ransomware attack that temporarily paralyzed the largest liquid fuel conduit across the East Coast.
In a statement, the Transportation Security Administration – an agency of DHS that governs and protects the transportation system in the U.S. – said that federally designated critical pipelines will be required to impose “a number of urgently needed protections” to protect the country against ransomware attacks and cyber intrusions.
This is the second cybersecurity directive issued by the Biden administration following the Colonial Pipeline ransomware attack early in May that disrupted the delivery of gas in the southeastern United States for at least six days.
DHS also said that it would require owners and operators of critical pipelines to “develop and implement a cybersecurity contingency and recovery plan,” as well as “conduct a cybersecurity architecture design review.”
“The lives and livelihoods of the American people depend on our collective ability to protect our Nation’s critical infrastructure from evolving threats,” Secretary of Homeland Security Alejandro Mayorkas said in a statement. “Through this Security Directive, DHS can better ensure the pipeline sector takes the steps necessary to safeguard their operations from rising cyber threats, and better protect our national and economic security.”
“Public-private partnerships are critical to the security of every community across our country and DHS will continue working closely with our private sector partners to support their operations and increase their cybersecurity resilience,” he added.