Discerning Data

A Faegre Drinker Blog Covering the Latest in Privacy, Cybersecurity and Data Strategy

Department of Homeland Security Announces New Cybersecurity Requirements for Pipelines

The Department of Homeland Security (DHS) recently announced a new Security Directive requiring companies in the pipeline sector “to better identify, protect against, and respond to” cyber threats. Among other things, the Security Directive requires pipeline operators to report cyberattacks against their pipelines to DHS. This new requirement replaces the voluntary reporting guidelines that had been in place since 2010.

The new Security Directive is a response to the May 2021 ransomware attack on Colonial Pipeline that shut down much of the oil and gas distribution to the East Coast of the United States for approximately six days. According to various media reports, Colonial Pipeline ultimately elected to pay over four million dollars to a Russian ransomware gang that claimed responsibility for the attack in order to re-open the crippled pipeline.

Under the new Security Directive, which is implemented by the Transportation Security Administration (TSA), pipeline operators will be required to take the following steps:

  1. Report attempted and confirmed cybersecurity incidents to the DHS Cybersecurity and Infrastructure Security Agency (CISA);
  2. Designate a “Cybersecurity Coordinator” who must be available on a 24/7 basis in the event of a cyberattack; and
  3. Immediately review current cyber-hygiene practices and identify and report any gaps and related remediation measures to TSA and CISA within 30 days of the implementation of the Security Directive.

TSA is also currently considering additional “follow on” measures to further support the pipeline industry and to assist the industry in strengthening its cybersecurity posture.

The ransomware attack against Colonial Pipeline appears to have spurred the federal government to recognize and take steps to combat the significant cybersecurity threats facing critical infrastructure in the United States. DHS’s Security Directive is an effort to tighten the agency’s previously lax oversight of the nation’s pipeline system, which TSA has been responsible for overseeing since the terrorist attacks of September 11, 2001. In addition, the Federal Energy Regulatory Commission (FERC), which also oversees and regulates natural gas and gas pipelines, has publicly called for mandatory and uniform cybersecurity standards throughout the entire oil and gas industry.

The material contained in this communication is informational, general in nature and does not constitute legal advice. The material contained in this communication should not be relied upon or used without consulting a lawyer to consider your specific circumstances. This communication was published on the date specified and may not include any changes in the topics, laws, rules or regulations covered. Receipt of this communication does not establish an attorney-client relationship. In some jurisdictions, this communication may be considered attorney advertising.

About the Author: Jason G. Weiss

Jason G. Weiss leverages a past career as a cybersecurity and computer forensics Supervisory Special Agent with more than 22 years of decorated service at the FBI to guide clients through the complex and high-stakes issues associated with cybersecurity incident preparedness and response and compliance. View Jason's full bio on the Faegre Drinker website.

About the Author: Peter Baldwin

Peter Baldwin draws on his experience as a former federal prosecutor to counsel clients facing government investigations and cybersecurity issues. View Peter's full bio on the Faegre Drinker website.

June 24, 2021
Written by: Jason G. Weiss and Peter Baldwin
Category: Cybersecurity
Tags: cyberattack, cybersecurity, DHS, ransomware

©2023 Faegre Drinker Biddle & Reath LLP. All Rights Reserved. Lawyer Advertising.
