Homeland Security orders pipeline operators to beef up cybersecurity to protect fuel supply chain
On Tuesday, the Department of Homeland Security (DHS) issued new cyber security requirements for fuel pipeline owners and operators in response to the ransomware attack on the Colonial Pipeline.
In a June 20 statement, DHS announced the issuance of a Security Directive “that requires owners and operators of TSA-designated critical pipelines that transport hazardous liquids and natural gas to implement a number of urgently needed protections against cyber intrusions. “
The heightened attention on pipeline cyber security comes after a May ransomware attack that shut down the Colonial Pipeline for days. The pipeline provides about 45% of the fuel to the east coast, and gas station fuel shortages were reported in many states, including Virginia, North Carolina, Florida, South Carolina, Tennessee, and Alabama. Colonial Pipeline CEO Joseph Blount reportedly paid $4.4. million in cryptocurrency to the hacker group DarkSide to restore the pipeline services. The Darkside group is believed to have ties to Russia.
“The lives and livelihoods of the American people depend on our collective ability to protect our Nation’s critical infrastructure from evolving threats,” said Secretary of Homeland Security Alejandro N. Mayorkas. “Through this Security Directive, DHS can better ensure the pipeline sector takes the steps necessary to safeguard their operations from rising cyber threats, and better protect our national and economic security. Public-private partnerships are critical to the security of every community across our country and DHS will continue working closely with our private sector partners to support their operations and increase their cybersecurity resilience.”
DHS issued another Security Directive to pipeline owners and operators in May requiring that they report confirmed or suspected cyber security attacks to the Cybersecurity and Infrastructure Security Agency (CISA), designate a Cybersecurity Coordinator to be available 24/7, and review current practices to identify gaps in their cyber security defenses and report those gaps to authorities within a 30 day period.
Adding to worries about the fuel supply chain is a reported shortage of tanker truck drivers, which has resulted in intermittent dry gas stations in several states over the late spring and into summer.
“Many of these gasoline delivery drivers lost their jobs last year at the beginning of the pandemic. These drivers took their skills to shipping services like Amazon. They took to delivering household items like toilet paper which were in high demand last year. Now that gasoline demand has returned to near pre-pandemic levels, the driver shortage is causing supply chain issues,” AAA Colorado said as several gas stations in Pueblo, Canon City, Denver, and Colorado Springs ran dry in June.