One Year After the Colonial Pipeline Attack, Regulation Is Still a Problem


The Colonial Pipeline cyberattack is still causing ripples. Some of the federal mandates issued in response may mark major changes for operational technology (OT) cybersecurity.


The privately held Colonial Pipeline company, which provides nearly half of the fuel used by the East Coast — gasoline, heating oil, jet fuel and fuel for the military totaling around 100 million gallons a day — was hit by a double-extortion ransomware attack by a DarkSide group in May of 2021. 


In reaction, the company shut down pipeline operations and IT systems. Next, it brought in FireEye’s Mandiant to conduct cyber forensics.


The event triggered panic in national security circles. After years of talk about whether a state-sponsored cyberattack could shut down major infrastructure or utilities on a massive scale, it seemed like that fear had finally come true. In fact, the company was motivated by money and chose to shut down.


Still, the Colonial Pipeline attack mobilized the federal government into action. And that action is what’s still causing lingering problems. 


TSA Responses to Colonial Pipeline Attack 


In the aftermath of the attack, the Transportation Security Administration (TSA) issued two major mandatory cybersecurity directives for all U.S. pipeline operators. TSA rules had been voluntary before this. Now, violators could be fined up to $11,904 per day. 


Trouble is that the TSA developed these rules without notice-and-comment rulemaking, which would have enabled pipeline companies to contribute to the crafting of rules to make them more feasible. Even Congress wasn’t notified of the rules in advance. 


Some pipeline operators are now saying that not only are some rules confusing and too complex, but they might even