Washington — The Department of Homeland Security on Tuesday introduced new necessities for U.S. pipeline operators to bolster cybersecurity following a May ransomware assault that disrupted fuel supply throughout the East Coast.
In a press release, DHS mentioned it will require operators of federally designated crucial pipelines to implement “particular mitigation measures” to forestall ransomware assaults and different cyber intrusions. Operators should additionally implement contingency plans and conduct what the division calls a “cybersecurity structure design assessment.”
It’s the newest response by the Biden administration to a collection of ransomware assaults and intrusions hitting crucial U.S. infrastructure and elevating fears about American cybersecurity.
DHS didn’t instantly launch additional particulars concerning the steering, which comes after one other directive issued weeks after the May 7 assault on Georgia-based Colonial Pipeline.
U.S. businesses on Tuesday additionally disclosed that Chinese government-linked intruders focused 23 pure fuel pipeline operators from 2011 to 2013. Thirteen of these assaults had been confirmed intrusions, in line with a authorities advisory.
The Colonial assault led to the shutdown of a system delivering about 45% of the gasoline consumed alongside the East Coast and sparked lengthy strains and fuel shortages in a number of states.
Colonial paid an estimated $4.4 million ransom, most of which was recovered by the Justice Department. The FBI has blamed the assault on a Russia-based gang of hackers utilizing the DarkSide ransomware variant.
The Biden administration has repeatedly accused Russia of granting protected haven to legal gangs and attempting to steal from authorities businesses and personal organizations in numerous sectors. It imposed sanctions in April for a spread of actions together with hacking.
Russia has broadly denied being concerned in cyberattacks of U.S. establishments, decrying “unfounded accusations” in a press release final month.
The U.S. and key allies this week accused China of complicity in a large hack of Microsoft Exchange e-mail server software program that victimized hundreds of organizations. That announcement, nonetheless, was not accompanied by sanctions in opposition to China, which has accused the U.S. of creating “groundless assaults” in opposition to it relating to cybersecurity.