US steps up cybersecurity requirements after pipeline hack

© Agence France-Presse

The cybersecurity vulnerabilities of US oil conduits came into focus in May 2021 after a hacking attack shut down Colonial Pipeline, which transports fuel to the east coast

Washington (AFP) - The US government on Thursday imposed cybersecurity requirements on petroleum pipelines for the first time, following a ransomware attack that temporarily shut down a key oil conduit this month.

The new rules imposed by the Department of Homeland Security require pipeline operators to designate a cybersecurity coordinator who must be available at all times, and report confirmed incidences to the agency's Cybersecurity and Infrastructure Security Agency.

Pipeline owners will also be required to review their procedures and identify cybersecurity gaps and ways to fix them, with the results reported to the department within 30 days.

"The cybersecurity landscape is constantly evolving and we must adapt to address new and emerging threats," Homeland Security Secretary Alejandro Mayorkas said in a statement.  

"The recent ransomware attack on a major petroleum pipeline demonstrates that the cybersecurity of pipeline systems is critical to our homeland security."

The online vulnerabilities of US pipelines came into focus after a May 7 cyberattack on Colonial Pipeline, which transports about 45 percent of the fuel consumed on the east coast of the United States.

The pipeline's multi-day shutdown sparked panic buying in some eastern states, and ended when the company paid $4.4 million in ransom to the hackers.