By Joseph Chalfant

The Biden administration is moving to implement cybersecurity requirements for U.S. pipelines.

The directive comes from Department of Homeland Security officials seeking to set industry standards to defend against ransomware attacks and other threats. Companies will be required to build cyber-attack contingency and recovery plans and conduct reviews of current security architecture.

“Through this Security Directive, DHS can better ensure the pipeline sector takes the steps necessary to safeguard their operations from rising cyber threats, and better protect our national and economic security,” said Secretary of Homeland Security Alejandro N. Mayorkas in a release. “Public-private partnerships are critical to the security of every community across our country and DHS will continue working closely with our private sector partners to support their operations and increase their cybersecurity resilience.”

The directive builds upon a May order that set security standards for pipeline operators in response to the Colonial Pipeline ransomware attack that left many East Coast gas stations empty.

The Department of Justice said the Russian hacking group DarkSide was behind the hack. An FBI task force managed to recover $2.3 million of the demanded ransom one month later.

The new policy is part of a larger move by the Federal Government to secure critical U.S. industries and infrastructure after a string of ransomware attacks dominated headlines this year. Officials believe that setting new industry standards is the first step in protecting American interests.

“The lives and livelihoods of the American people depend on our collective ability to protect our Nation’s critical infrastructure from evolving threats,” said Mayorkas.

Further news of pipeline vulnerability came after the Cybersecurity & Infrastructure Security Administration (CISA) revealed that Chinese hackers managed to disrupt pipeline operations in a series of attacks nearly a decade ago.

The government confirmed that 13 sites were compromised between 2011 and 2013. Eight more suffered “unknown depth of intrusion,” while three more had narrowly avoided falling victim to the attacks.

“CISA and FBI assess that this activity was ultimately intended to help China develop cyberattack capabilities against U.S. pipelines to physically damage pipelines or disrupt pipeline operations,” the report stated.

If the attack had been anything more than capability development, the CISA claims that China could have crippled U.S. oil and gas infrastructure.

“With this access, the Chinese state-sponsored actors could have impersonated legitimate system operators to conduct unauthorized operations,” read the report.