DHS to require pipeline companies to report cyberattacks

The Department of Homeland Security (DHS) will issue a directive later this week requiring all pipeline companies to report cyber incidents to federal authorities after a devastating ransomware attack on Colonial Pipeline forced a shutdown of operations.

The Washington Post first reported that DHS’s Transportation Security Administration (TSA), which is responsible for securing critical pipelines, will issue the directive this week following concerns that pipeline operators are not required to report cyber incidents, unlike other critical infrastructure sectors.

A spokesperson for DHS told The Hill in an emailed statement Tuesday that “the Biden administration is taking further action to better secure our nation’s critical infrastructure,” with TSA and the federal Cybersecurity and Infrastructure Security Agency (CISA) working together on the issue.

“TSA, in close collaboration with CISA, is coordinating with companies in the pipeline sector to ensure they are taking all necessary steps to increase their resilience to cyber threats and secure their systems. We will release additional details in the days ahead,” the spokesperson said.