US Fuel companies should report cyberattacks to the government

US Homeland Security has passed out an order that all fuel generation and pipeline companies operating in the country should report cyberattacks to the government as soon as they are impacted.

The decision comes after Congress expressed its disappointment on Colonial Pipeline ransomware payment of $4.4m paid to DarkSide ransomware group that reportedly stole over 100GB of data after gaining control of the fuel supplier’s servers just for a time frame of two hours….now that’s interesting….isn’t it?

Replacing some of the old rules with the new ones, all pipeline companies should safeguard their IT infrastructure against cyber attacks such as the recently discovered ransomware and last year’s SolarWinds hack.

“Some nations driven by greed and the thirst to lead the entire world are indulging in some obnoxious digital activities by exploiting the vulnerabilities in the digital ecosystem. And this is not going to be tolerated anymore”, says Chris Kreb, the director of DHS who testified before Congress early this month on the issue of the Colonial Pipeline hack.

As companies never report ransomware attacks, the government is failing to guestimate the seriousness of the attack and this is bad said Krebs in an interview to Morning Edition.

Thus, going with the latest directive, fuel distributors need to report Cybersecurity incidents to Transportation Security Administration (TSA), instead of CISA- irrespective of their public or private status.

How well the TSA is equipped to deal with such incidents is yet to be clarified by the Department of Homeland Security. But the directive will be coming into effect from early next month and will help the government in formalizing policies and streamlining operational decisions on a progressive note.

Now, to those who fail to do so, they all are hereby informed that such disobedience will never be entertained and will be leading to penalties and shutdowns of operations under certain conditions.

Ad
Naveen Goud
Naveen Goud is a writer at Cybersecurity Insiders covering topics such as Mergers & Acquisitions, Startups, Cyber Attacks, Cloud Security and Mobile Security

No posts to display