The Biden administration will announce on Thursday that it is requiring the nation’s pipeline companies to report to the government any time they are hit with a significant cyberattack, and to create 24-hour emergency centers for such episodes.
The move is the first of several, administration officials said on Wednesday night, to address the lessons of the Colonial Pipeline ransomware attack this month, which forced Colonial to shut off the systems that send gasoline and jet fuel to nearly half of the East Coast. But based on the details released by people familiar with the order, it does little to solve the central problems that were revealed by that attack.
The officials characterized the step as more aggressive regulation of the pipelines, under authority that belongs to the National Transportation Safety Board. Presumably those requirements will examine whether the attacks on the business network can “migrate” to the operational controls of the pipelines themselves.
In the Colonial Pipeline case, the company brought down the flow of gasoline and jet fuel for fear that malware in its business software — filled with budgets and emails — could interact with the digital control systems used for directing the fuel to tanks up and down the Eastern Seaboard.