Energy pipeline firms could have to report cybersecurity incidents to the US authorities beneath a brand new directive that can be introduced by the Transportation Security Administration (TSA) on Thursday, senior authorities officers mentioned.
The officers, who requested to stay unidentified, mentioned the directive will impose fines on pipeline firms that fail to report incidents inside 12 hours and mandate that the pipeline firms designated a cybersecurity coordinator to report incidents and coordinate with the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA).
“This is the first time there’s mandatory reporting of cybersecurity incidents,” mentioned one of many 4 senior officers that spoke to journalists forward of the directive’s unveiling.
The new directive comes after hackers earlier this month carried out a ransomware assault on the Colonial Pipeline, the United States’ greatest gas pipeline system, that brought on provide disruptions, worth spikes and panic shopping for throughout the East Coast earlier this month.
The directive was first reported by The Washington Post earlier this week.
The hackers, alleged to be working out of Russia, held Colonial Pipeline’s laptop community hostage and efficiently extorted hundreds of thousands of {dollars} in digital foreign money. The incident has bumped the cybersecurity of important infrastructure to the highest of the nationwide agenda.
The US authorities has historically relied on personal business to flag hacks to officers, however is shifting towards obligatory reporting amid a variety of main intrusions.
Similar mandates may seem in different industries. Speaking Wednesday, the officers mentioned the brand new pipeline mandate is being eyed as a possible mannequin for different sectors as properly.
© Thomson Reuters 2021
