In the beginning of May, a U.S. pipeline company suffered a ransomware attack. The company decided to respond by halting operations while it investigated the incident. This delayed tens of millions of gallons of fuel from reaching their destination all along the East Coast.

Less than a week later, Bloomberg reported that the company had paid millions of dollars to a ransomware group in order to regain access to their systems. U.S. government officials were aware of the payment, a source told Bloomberg. Acting through the Department of Justice (DOJ), those individuals retrieved part of the payment from the attacker’s bitcoin wallet.

The TSA’s Response

Alejandro Mayorkas, Secretary for the Department of Homeland Security (DHS), responded to the pipeline security incident discussed above by meeting with other officials to consider how they might leverage the Transportation Security Agency (TSA) to improve the digital security of the pipeline industry. Those individuals together decided that the TSA, a unit of the DHS, would issue a new security directive concerning companies in that sector. According to the Washington Post, the directive requires pipeline organizations to disclose security incidents such as ransomware attacks to TSA and the Cybersecurity & Infrastructure Security Agency (CISA). It also mandates that those organizations have someone like a CISO who has a 24/7 direct line to both TSA and CISA for the purpose of reporting an attack.

Senior officials at the DHS went on to say that the security directive will precede the release of a set of robust security controls concerning pipeline organizations. Those controls will break from previous pipeline security guidelines, noted by The Washington Post, as they won’t be voluntary. Pipeline organizations will need to use them to harden the security of their systems or risk incurring financial penalties.

Tripwire’s Response to the (Read more...)