After the Colonial Pipeline cyberattack in 2021, the U.S. government introduced new cybersecurity mandates for pipeline operators to strengthen critical infrastructure protections. These mandates are overseen primarily by the Transportation Security Administration (TSA) and focus on enhancing pipeline cybersecurity to prevent similar attacks in the future.

Here are the key types of compliance that U.S. pipeline administrators must follow under these new mandates:

1. Incident Reporting and Monitoring

• Requirement: Pipeline operators must report cybersecurity incidents to the Cybersecurity and Infrastructure Security Agency (CISA) within 24 hours.
• Impact: This allows faster coordination and response between federal agencies and affected operators to contain any threats and mitigate damage.

2. Vulnerability Assessment and Risk Management

• Requirement: Pipeline companies must identify, assess, and address vulnerabilities in their systems. This involves continuous risk evaluation, identification of critical systems, and prioritization of cybersecurity improvements.
• Impact: This proactive approach ensures that operators can patch weak points before they are exploited.

3. Implementation of Cybersecurity Plans

• Requirement: Pipeline operators are required to develop and implement a cybersecurity plan. This includes creating policies for access controls, network segmentation, and maintaining secure operational technology (OT) and information technology (IT) systems.
• Impact: The plan must outline how the operator will prevent, detect, and respond to cyber threats.

4. Use of Multi-Factor Authentication (MFA)

• Requirement: The mandate requires operators to use MFA for access to critical systems, reducing the risk of unauthorized access.
• Impact: This ensures that even if credentials are compromised, additional authentication layers are required for access.

5. Backup and Recovery Systems

• Requirement: Companies must implement backup and recovery plans for critical systems to ensure continuity in case of an attack.
• Impact: This allows for faster recovery from ransomware attacks or system failures, limiting operational downtime.

6. Regular Audits and Assessments

• Requirement: Operators are required to undergo regular cybersecurity audits and assessments by TSA, CISA, or third-party security professionals to ensure compliance with standards.
• Impact: Audits ensure that companies maintain high standards of cybersecurity and are continuously improving their defenses.

7. Employee Training

• Requirement: Operators must conduct regular cybersecurity training for employees, ensuring that personnel are aware of risks, new policies, and how to respond to incidents.
• Impact: Human error is a significant vulnerability in cybersecurity, and proper training helps reduce the chances of security breaches through phishing or other methods.

8. Coordination with Federal Authorities

• Requirement: Pipeline operators are required to cooperate with federal authorities like CISA and TSA to enhance national security efforts.
• Impact: Stronger collaboration allows for better sharing of intelligence and resources in case of national-level threats.

These mandates were largely a response to the Colonial Pipeline ransomware attack, which demonstrated vulnerabilities in the U.S. energy infrastructure, prompting the need for stricter controls and coordinated defense efforts. The focus on continuous risk management, monitoring, and collaboration aims to fortify the cybersecurity defenses of U.S. pipelines, ensuring resilience against future cyber threats.