TSA formally directs pipeline companies to report cybersecurity incidents in wake of Colonial attack

The Transportation Security Administration (TSA) formally issued a security directive Thursday to strengthen federal cybersecurity oversight of pipelines, weeks after a ransomware attack on Colonial Pipeline led to fuel shortages in multiple states.

The directive, released two days after The Washington Post first reported on its existence, requires pipeline companies to report cybersecurity incidents within 12 hours of them occurring to the Cybersecurity and Infrastructure Security Agency (CISA). Both CISA and TSA are part of the Department of Homeland Security (DHS).

The directive also requires pipeline owners and operators to designate an individual who is available 24/7 to coordinate with officials at both TSA and CISA in the event of a cyber incident, and for owners and operators to carry out assessments of existing cybersecurity practices to identify potential gaps and report their findings to TSA and CISA within 30 days.

“The cybersecurity landscape is constantly evolving and we must adapt to address new and emerging threats,” DHS Secretary Alejandro Mayorkas said in a statement on Thursday. “The recent ransomware attack on a major petroleum pipeline demonstrates that the cybersecurity of pipeline systems is critical to our homeland security. DHS will continue to work closely with our private sector partners to support their operations and increase the resilience of our nation’s critical infrastructure.”