DHS reports cybersecurity breaches to mandate pipeline companies


“The Biden administration is taking further action to better secure our nation’s critical infrastructure. The TSA, in close cooperation with the (Cyber ​​Security and Infrastructure Security Agency), is coordinating with companies in the pipeline sector Is to ensure that they are taking all necessary steps to increase their resilience. To secure cyber threats and their systems. We will release additional details in the coming days, “said DHS spokeswoman Sarah Peck .

The directive will be issued by the Transportation Safety Administration, the leading federal agency for transportation safety, including hazardous materials and pipeline safety.

It is still in the works and has not been finalized, the source said, adding it will be the first step as the department continues to work on a more robust proposal to increase pipeline safety.

The proposal was first reported by First Washington Post.

Currently, pipeline operators follow TSA security guidelines and report cybersecurity incidents on a voluntary basis.

Earlier on Tuesday, Homeland Security Secretary Alejandro Meierkas told reporters that “ransomware is one of the biggest cybersecurity threats we face in the United States,” speaking at a TSA event about the summer trip.

He said the department is “working very closely in public-private partnerships” to inform the business and cybersecurity community about how to prevent and respond to these attacks, he said.

Another familiar source told CNN that the draft directive would require companies to report cyber incidents to a division of the Cybersecurity and Infrastructure Security Agency, DHS.

This is the first time the TSA has required these companies to report cyber incidents, the source said, which the Biden administration considers to be a “first step” that can be quickly taken up with various other strong requirements and ideas that are now in place Are also under discussion.

A DHS official said that safety instructions are issued when there are difficult situations, as was done in the case of face masks.

Use of a directive would allow the department to take these steps temporarily without the need for new federal regulation or legislation. But those steps could be taken later.

Meanwhile, the colonial pipeline is still trying to be narrow. How did its network disband? CNN previously reported that the critical pipeline was closed after the ransomware attack.

The incident prompted a large-scale federal response to chase criminals and prevent more violations. In the wake of the attack, critical infrastructure companies have come to the Cyber ​​Security and Infrastructure Security Agency for information, causing webpages to be hit for the agency’s ransomware resources.

Last week, the agency publicly released a set of technical data from the colonial incident to help other companies and critical infrastructure utilities protect themselves against similar attacks.

A former DHS official told CNN that there had been some disappointment from within the cyber security and infrastructure security agency that some private sector companies in key infrastructure sectors were still not the first call to the agency in such incidents She sees.

The Colonial Pipeline informed the FBI about the attack on the morning of May 7 and continues to work regularly with the FBI, a company spokesperson said earlier.

“He did not contact the CISA directly,” Brandon Wells, acting director of the Cyber ​​Security and Infrastructure Security Agency, told lawmakers during a hearing on Tuesday in Capitol Hill earlier this month. “We were brought in by the FBI after being informed of the incident.”

Asked if it was a “problem” that the cybersecurity agency was not directly informed, Wells said: “I think there is a benefit when CISA is brought in early because the information we collect We work to share that widely. Fashion to protect other critical infrastructure. “

The agency received information from the Colonial Pipeline soon after the incident occurred and subsequent updates were provided primarily through the Department of Energy, a cybersecurity agency spokesman previously told CNN.

US officials and cybersecurity experts have told CNN that the colonial incident only reinforces the belief that private companies should make more efforts to protect themselves from being targeted by ransomware attackers, but whether those standards are federal Should be regulated by the government, it remains a matter of debate.

“Companies need to do a better job of securing their enterprises,” said Adam Meyers, senior vice president of intelligence for cyber security company CrowdStrike. He added that “there are some basic things that companies can do to make themselves a difficult target.”

Criminal actors are going to “take the path of least resistance”, he said.

Meyers said, “We’re talking about building a slightly more secure enterprise, making sure you have the latest technology. Organizations aren’t really struggling enough to protect themselves.”

Cnn previously reported According to officials familiar with the government’s initial investigation into the incident, Biden administration officials had privately expressed disappointment as the Colonial Pipeline’s weak security protocols and lack of preparedness allowed hackers to pull off a crippling ransomware attack Could give
Last week, Colonial Pipeline CEO Joseph Blount told the Wall Street Journal that he had authorized Ransom payment of $ 4.4 million In response to a cyber attack on the company’s network, in the first public announcement about payment.
Cyber ​​Security and Infrastructure Security Agency and FBI Do not encourage ransom For criminal elements because it may encourage opponents to target additional organizations and does not guarantee that victim’s files will be recovered.

“It was the right thing to do for the country,” Blount said. “I did not take it lightly. I will admit that I was not comfortable seeing money going out to people in this way.”

Colonial pipeline system Returned to normal operation On May 15, the company said, about a week after the first discovery of the ransomware attack – helping to ease the gasoline shortage plaguing consumers on the East Coast.

House Homeland Security chairman Benny Thompson, a Mississippi Democrat, called the move to implement the security directive “a major step in the right direction”.

“While the colonial pipeline attack suggests that much work has to be done to protect the nation’s pipelines and other critical infrastructure from cyber attacks, this TSA security directive is a major step towards ensuring that pipeline operators are cyber Taking security seriously and reporting any incident immediately, ”he said in a statement.

The TSA will remain “the federal entity responsible for pipeline safety with officials mandating safety requirements,” Thompson said.

This story has been updated with additional information.

CNN’s Zachary Cohen and Gregory Wallace contributed to this story.


Source link