The US government has issued a security directive requiring critical pipeline owners and operators to take significant measures to improve network security after the ransomware attack on Colonial Pipeline earlier this month.
Today’s Security Directive issued by the U.S. Department of Homeland Security (DHS) Transportation Security Administration (TSA) requires critical pipeline operators (for example, Colonial Pipeline) to report all confirmed and potential cyber attacks and to appoint a cyber security coordinator. Operators must also improve their incident response and develop a cyber security plan based on the results of a comprehensive threat assessment conducted within the next 30 days. The pipeline infrastructure in the United States includes more than 2.7 million miles of infrastructure used to transport fuel, chemicals, and other materials used in businesses and households.
The Secretary of Homeland Security, Alejandro N. Mayorkas, said in a statement announcing the directive that the latest security directive will enable the Department of Homeland Security to better identify and respond to threats to pipeline infrastructure.
He said: “The cyber security situation is constantly evolving, and we must adapt to new and emerging threats.” “Recent ransomware attacks on major oil pipelines show that the network security of the pipeline system is critical to our homeland security.”
The order came less than three weeks after Colonial Pipeline shut down its network in response to a ransomware attack on its IT systems. The attack was carried out by DarkSide, a Russia-linked cybercriminal organization, and caused the pipeline to stop operating for nearly two weeks. Consumers panicked at gas stations, resulting in fuel shortages and skyrocketing prices.
The new requirement comes after President Joe Biden’s executive order on cybersecurity, issued two weeks ago, which dealt with the sharing of information about cyber incidents and software supply chain security. Chris Hallenbeck, a former official of the U.S. Department of Homeland Security (DHS) and US-CERT who is now at Tanium, an American endpoint security company, said that the announced security directive shows that the U.S. government has taken a stronger stance on critical infrastructure, but that the effort should have started long ago and is just the first step.
He said: “We have to get rid of the completely voluntary cyber security system in the pipeline industry.” “They have basically been able to say, ‘We don’t want you to come in and check us,’ and the Department of Homeland Security does not have enough resources to argue.”
The security directive will expand DHS’s current pipeline network security plan of October 2018, which includes threat assessment as a voluntary measure. As announced by the Department of Homeland Security, the directive will require operators to “review their current practices and identify any gaps and related remedial measures to address network-related risks.”
In a recent interview with “Dark Reading,” John Dickson, the head of the Denim Group, a software security consulting firm, said that so far, there is still a lack of ways to adopt cybersecurity recommendations. He said that, in fact, outside of large oil and gas companies such as Exxon Mobil and Shell, taking cybersecurity seriously has been a slow process.
Dickson said: “These pipeline companies are called downstream people. They don’t dare to question the security of the network.” “How do we make these people do the right thing without loopholes? For them, the risks in the physical realm. It’s the explosion of the pipeline. They don’t think cyber attacks are risky, or they don’t.”
Most cyber security executives see the security directive as the beginning of getting the pipeline sector to think more carefully about cyber security, rather than as a decisive step in addressing operational disruption at companies due to cyber attacks.
Duncan Greatwood, CEO of zero-trust security company Xage, said that knowing that detailed information about attacks and incidents may be disclosed in the future may be enough to make the industry more fully committed to cybersecurity.
He said: “Creating a hacker report is not a major change in itself, because the company has already done this work internally.” “What will have an impact on the company is that they know that attack information will be shared in the future, even, in many cases, public.”
According to reports, Colonial Pipeline paid about 75 bitcoins, or $4.4 million, on May 8, the day after the ransomware attack was discovered, although it claimed on May 12 that it would not pay the ransom.
The U.S. government has issued a warning through the Office of Foreign Assets Control (OFAC) of the U.S. Department of the Treasury, warning companies that paying ransoms to sanctioned groups may put them in legal danger. Some cybersecurity experts recommend expanding such bans.
Tanium’s Hallenbeck said: “We have to decide whether paying the ransom should be illegal.” “By continuing to pay, we guarantee that future attacks will be profitable for attackers.”
A senior technical reporter for more than 20 years. Former research engineer. Wrote for more than twenty publications, including CNET News.com, “Dark Reading”, “MIT Technology Review”, “Popular Science” and “Cable News”. Won five awards in journalism, including the best deadline…