The federal government is not pleased. The massive disruption caused by the Colonial Pipeline attack has stepped in with groundbreaking new regulations for pipeline companies.
The Department of Homeland Security Takes a Stand
Officials from the agency told The Washington Post that pipeline companies would be required to report incidents of cyber vulnerabilities to officials.
These companies may also be required to have 24/7 contact with federal officials. There may be more regulations in the coming weeks.
This move by the DHS marks a shift from their previous position as advisors offering voluntary guidance to enforcers of a mandatory rule.
A spokesperson told The Post:
TSA, in close collaboration with [the Cybersecurity and Infrastructure Security Agency,] is coordinating with companies in the pipeline sector to ensure they are taking all necessary steps to increase their resilience to cyber threats and secure their systems.
Why Is the DHS Acting Now?
Although DarkSide, the hacker group that attacked Colonial, claimed they weren’t trying to ‘create problems for society,’ their attack did just that. It caused an 11-day shutdown, leading to gas shortages along the east coast and putting consumers in a frenzy of panic-buying and hoarding.
After the toilet paper fiasco and grocery hoarding, we saw at the beginning of the pandemic, the government is well aware of the population’s inclination to panic.
Clearly, the United States’ infrastructure is vulnerable, and its citizens are on edge. After other massive hacks, such as the SolarWinds breach, which compromised up to nine government agencies, these regulations are well-warranted.
Check out this video detailing the SolarWinds hack:
The Biden Administration has emphasized its focus on cybersecurity and issued an executive order earlier this month. In the order, the White House acknowledged supply chain vulnerabilities and required federal agencies to implement zero-trust architectures.
As always, a company’s cybersecurity is ultimately its responsibility. Every company should have the basic foundations for a secure business, and they should have a plan.
Featured image by Keith Homan from Shutterstock.com