Business

Biden requires pipeline companies to report cyber attacks

The Biden administration requires the country’s pipeline companies to report to the government whenever a serious cyberattack strikes and to set up a 24-hour emergency center in case of such a situation. Said Homeland Security Secretary Alejandro N. Mayorkas Thursday morning. ..

The move is to address the lessons of 2018, officials said Wednesday night. Colonial Pipeline Ransomware Attack Which one this month Colonial shut down the system We send gasoline and jet fuel to almost half of the East Coast. However, based on the details released by those familiar with the order, the central problem revealed by the attack remains largely unsolved.

Officials have characterized the step as a more aggressive regulation of the pipeline under the authority of the National Transportation Safety Board. Perhaps these requirements are that attacks on the business network can control the operation of the pipeline itself. It is to consider whether it can be “migrated” to.

In the case of Colonial Pipeline, the company fears that budget- and email-filled business software malware will interact with the digital control systems used to move fuel up and down the tank, so it’s gasoline and jet fuel. The flow has stopped. Eastern Seaboard.

Mallorcus, who dealt with cybersecurity and infrastructure issues when he was Deputy Secretary of Homeland Security under the Obama administration, said in a statement that the Colonial Pipeline incident was “Cybersecurity in our pipeline system He said his sector “continues to work closely with private sector partners to support their operations and the country’s critical infrastructure.” Increases the resilience of the structure. “

In fact, pipeline vulnerabilities have been well known for years. In 2013, a hacking group associated with China’s People’s Liberation Army gained access to a network of Canadian subsidiaries of companies operating natural gas pipelines nationwide. However, even after that episode, the federal government did not begin to require pipeline operators to meet minimum cybersecurity standards or report incidents to the government.

The new requirements basically ensure that the pipeline company always has at least one cybersecurity-trained employee to monitor the system, but what else that employee alerts. I don’t know if I have the right to do it.

The order also sets a 30-day period to “identify gaps and associated corrective actions to address cyber-related risks” and reports to the Transportation Security Administration and the Cyber ​​Security and Infrastructure Security Agency. ..

However, many experts point out that the gaps identified in colonial ransomware attacks are likely to have been unpredictable in such reviews. And the company’s extreme secrecy in dealings with the government during the case, including the decision to pay the ransom, was a source of constant frustration for government officials.

Biden requires pipeline companies to report cyber attacks

Source link Biden requires pipeline companies to report cyber attacks

Back to top button