In the wake of the May 2021 DarkSide ransomware attack on the Colonial Pipeline, lawmakers have begun to rethink cybersecurity for our nation’s utilities. Before discussing the proposed federal response to the Colonial Pipeline attack, how the U.S. government currently regulates cybersecurity for the nation’s utilities must be understood.
The Current State of Utility Cybersecurity
To the likely surprise of many, the U.S. Transportation Security Administration (TSA), a branch of the Department of Homeland Security (DHS), currently oversees oil and gas pipeline security in the United States. See press release, Department of Homeland Security, “DHS Announces New Cybersecurity Requirements for Critical Pipeline Owners and Operators” (May 27, 2021); and see Ellen Nakashima and Lori Aratani, DHS to issue first cybersecurity regulations for pipelines after Colonial hack, The Washington Post (May 25, 2021).