Biden Administration to Require Pipeline Companies to Report Cyberattacks
The move, which will require companies to report to the government any significant attacks, is a response to the Colonial Pipeline ransomware attacks.
The Biden administration will announce on Thursday that it is requiring the nation’s pipeline companies to report to the government any time they are hit with a significant cyberattack, and to create 24-hour emergency centers for such episodes.
The move is the first of several, administration officials said on Wednesday night, to address the lessons of the Colonial Pipeline ransomware attack this month, which forced Colonial to shut off the systems that send gasoline and jet fuel to nearly half of the East Coast. But based on the details released by people familiar with the order, it does little to solve the central problems that were revealed by that attack.
The officials characterized the step as more aggressive regulation of the pipelines, under authority that belongs to the National Transportation Safety Board. Presumably those requirements will examine whether the attacks on the business network can “migrate” to the operational controls of the pipelines themselves.
