The Biden administration is poised to issue new cybersecurity regulations for pipelines and liquefied natural gas facilities in the aftermath of the April hack that temporarily paralyzed the nation’s biggest liquid fuel conduit.
The rules, which could be released as early as this week by the Transportation Security Administration (TSA), are the second tranche by the agency since the attack on Colonial Pipeline. It represents a further move away from a system that until now had relied on self-reporting and other voluntary measures.
“This Security Directive will apply to those pipeline systems that TSA has designated as critical to our nation’s infrastructure and is urgently needed so as to better protect our critical pipeline infrastructure from cybersecurity threats,” the Department of Homeland Security, which oversees the TSA, said in a statement that added that the directive would apply to liquefied natural gas facilities as well as pipelines.
TSA officials were scheduled to brief the industry on the rules on 19 July, according to one person familiar with the matter who asked not to be identified discussing nonpublic information.
Under the rules put in place in May, pipeline operators who fail to report cybersecurity attacks could be subject to fines and would also require pipeline companies to designate a representative to be available around the clock as a point of contact. The rules also require operators to compare their practices with the TSA guidelines and identify and report risks.