Senior government officials said that energy pipeline companies will have to report cybersecurity incidents to the US government in accordance with new instructions announced by the Transportation Security Administration (TSA) on Thursday.
Officials who asked to remain unidentified stated that the directive would impose fines on pipeline companies that fail to report the incident within 12 hours and require the pipeline company to appoint a cyber security coordinator to report the incident and communicate with the Department of Homeland Security’s Cyber Security and Infrastructure Department. Conduct the Coordination Security Agency (CISA).
Before the order was issued, one of the four senior officials told reporters: “This is the first mandatory reporting of cybersecurity incidents.”
Prior to the issuance of this new directive, hackers conducted a ransomware attack on the Colonial Pipeline, the largest fuel pipeline system in the United States, at the beginning of this month. The attack caused supply disruptions across the East Coast at the beginning of this month, soaring prices and panic purchases.
The directive was first reported by the Washington Post earlier this week.
These hackers allegedly carried out activities outside of Russia. They took the Colonial Pipeline computer network hostage and successfully extorted millions of dollars in digital currency. The incident has elevated the cyber security of critical infrastructure to the top of the national agenda.
Traditionally, the U.S. government has relied on private companies to report hacking to officials, but due to many major intrusions, the U.S. government is turning to mandatory reporting.
Similar tasks may appear in other industries. In a speech on Wednesday, officials said that the new pipeline authorization is also seen as a potential model for other industries.
Thomson Reuters 2021 ©