Urgently Needed Rules Laid Out For US Pipelines Spark Mixed Reactions

Time to read
1 minute
Read so far

Urgently Needed Rules Laid Out For US Pipelines Spark Mixed Reactions

Tue, 10/05/2021 - 10:30
TSA seal on the US flag (copyright by Shutterstock/danielfela)
TSA seal on the US flag (copyright by Shutterstock/danielfela)

In July the US government issued a set of security guidelines to strengthen the security of the nation's critical energy pipelines to prevent a reoccurrence of devastating cyber-attack on pipelines' computerized systems. The May 7 attack on Colonial Pipeline sent US major cities into a panic mode, sparking an unprecedented fuel shortage and panic-buying of gasoline.

According to some lawmakers and analysts, the regulations show traditional voluntary-based approach to cybersecurity does little to prevent cyberattacks on major infrastructures. However, some analysts pointed out that the new guidelines could hamper pipeline reliability if implemented.

The "urgently needed" steps laid out by the Transportation Security Administration aims at protecting Americans from the severe effects of cyber-attacks on any of the nation's 100 critical liquid and natural gas pipelines.

The rules are tailored to compel pipeline companies to bolster their cybersecurity systems and evaluation of the companies' defenses to improve resilience to cyberattacks and ensure the pipeline operates normally even in the event of a cyberattack.

According to Tim Maurer, a cybersecurity expert and a senior counselor to Homeland Security Secretary, the 6-day shutdown of the Colonial Pipeline witnessed in May was a real wake-up moment for discovering how vulnerable the vast network of the country's pipeline was to cyberattacks. As such, the officials felt the urgency to act swiftly and protect the pipeline network from another round of hacking.

The new mandatory regulation for pipeline companies is the first of such in years. However, it has received support and criticism in equal measure. According to Rep. Jim Langevin (D-R.I.), co-founder of the Congressional Cybersecurity Caucus, the new rule "is not only a good thing to do, it's way overdue."

While the guidelines aren't made public, Langevin said withholding them is counterproductive as even a redacted version would be vital for industry experts to give their opinion on the guideline's merit. Langevin also added that transparency helps and not hurts.

Some analysts have also expressed concerns that the rules are vague and, to some extent, unclear on whether the entire industrial business system will comply or the compliance is required just for the pipeline-related networks. Seven gas and oil industry groups also sent a strongly worded letter to TSA Administrator David P. Pekoske, criticizing the directive.

The July pipeline cybersecurity regulations were intended to be a stopgap as the officials plan to craft permanent regulations upon the expiry of the regulations after one year. Such major cybersecurity regulations were last witnessed in 2008 when the federal government imposed a cybersecurity regulation on the bulk electric power sector.

Add new comment

The content of this field is kept private and will not be shown publicly.

Text only

  • No HTML tags allowed.
  • Lines and paragraphs break automatically.
  • Web page addresses and email addresses turn into links automatically.
This question is for testing whether or not you are a human visitor and to prevent automated spam submissions.