TSA updates cybersecurity directive after Colonial Pipeline ransomware attack

The Transportation Security Administration has announced another round of cybersecurity measures for pipeline owners in the wake of May’s Colonial Pipeline ransomware attack. 

The new security directive, recommended by the Cybersecurity and Infrastructure Security Agency, applies to owners and operators of TSA-designated pipelines which carry hazardous liquids and natural gas. It will require those pipeline owners to find ways to mitigate the impact of a ransomware attack if one were to occur as well as come up with a contingency and recovery plan. Owners would also have to review their cybersecurity system design. 

"The lives and livelihoods of the American people depend on our collective ability to protect our Nation’s critical infrastructure from evolving threats," Secretary of Homeland Security Alejandro Mayorkas said. "Through this Security Directive, DHS can better ensure the pipeline sector takes the steps necessary to safeguard their operations from rising cyber threats, and better protect our national and economic security." 

RELATED: Colonial Pipeline restarts operations, says return to normal service will take 'several days'

This is the second directive this year for the pipeline industry after the Colonial Pipeline incident. The May 2021 directive required owners and operators to report confirmed and potential cybersecurity incidents, designate a cybersecurity coordinator to be available 24 hours a day, seven days a week, review current practices, and identify any gaps and related remediation measures to address cyber-related risks and report the results to TSA and CISA within 30 days.

When the ransomware attack hit Colonial Pipeline, the company temporarily took its pipeline system offline, leading to temporary gas shortages along the East Coast.

The company paid $4.4 million to a gang of hackers who broke into its computer systems. The U.S. Department of Justice then recovered $2.3 million of that ransom money after hacking the hackers.

RELATED: Ransomware attacks: Biden urges Putin to crack down on cybercriminals

Meanwhile, President Joe Biden and members of his national security team plan to meet next month with business executives about cybersecurity, an official said Wednesday.

The Aug. 25 meeting comes as the White House is scrambling to help companies protect against ransomware attacks from Russia-based criminal syndicates and as the administration also confronts an aggressive cybersecurity threat from the Chinese government.

The administration has already been working with the private sector to promote better cybersecurity safeguards and resiliency. It has launched an initiative aimed at improving standards for critical sectors like electricity and worked with Microsoft after a global hack detected earlier this year that affected tens of thousands of computer systems.

The Associated Press contributed to this report. This story was reported from Los Angeles.