The Department of Homeland Security on Tuesday required owners and operators of critical pipelines that transport hazardous liquids and natural gas to implement “urgently needed protections against cyber intrusions.”
It was the second security directive issued by the department’s Transportation Security Administration since May, after a hack of the Colonial Pipeline disrupted fuel supplies in the southeastern United States for days.
The department said the action was in response to “the ongoing cybersecurity threat to pipeline systems.”
“The lives and livelihoods of the American people depend on our collective ability to protect our nation’s critical infrastructure from evolving threats,” Secretary of Homeland Security Alejandro N. Mayorkas said in the statement.
The security directive requires TSA-designated critical pipelines to take certain mitigation measures to protect against ransomware attacks and other known threats to information technology and operational technology systems, implement a cybersecurity contingency and recovery plan, and conduct a cybersecurity architecture design review, DHS said.
A ransomware attack forced Colonial Pipeline, which runs from Texas to New Jersey, to shut much of its network for several days in May, leaving thousands of gas stations across the U.S. Southeast without fuel.
The closure of the 5,500-mile (8,900-km) system was the most disruptive cyberattack on record, preventing millions of barrels of gasoline, diesel and jet fuel from flowing to the East Coast from the Gulf Coast.