Cybersecuring the Pipeline

47 Pages Posted: 8 Apr 2022 Last revised: 19 Apr 2023

See all articles by Ido Kilovaty

Ido Kilovaty

University of Arkansas - School of Law; Yale University - Law School

Date Written: March 29, 2022


The Colonial Pipeline ransomware attack, which shut down gas supply to the entire East Coast back in May 2021, has sparked the debate as to the regulation of the pipeline’s cybersecurity. After ten years of inaction on the matter, the Transportation Security Administration (TSA) has issued two mandatory directives on pipeline cybersecurity. This Article delves into the propriety of the TSA as a pipeline security regulator, as well as the incomplete and ineffective approach currently laid out in the TSA’s pipeline cybersecurity directives. This Article argues that there may be other agencies more suitable for the task, such as the Federal Energy Regulatory Commission, acting under the auspices of the Department of Energy. It also provides specific recommendations as to the substance of any prospective pipeline cybersecurity regulation, such as the creation of more open-ended and flexible cybersecurity objectives as opposed to the current approach of prescriptive standards.

Keywords: colonial pipeline, cybersecurity law, TSA, pipeline cybersecurity, oil and gas, energy law

Suggested Citation

Kilovaty, Ido, Cybersecuring the Pipeline (March 29, 2022). Houston Law Review, Vol. 60, 2023, Available at SSRN:

Ido Kilovaty (Contact Author)

University of Arkansas - School of Law ( email )

260 Waterman Hall
Fayetteville, AR 72701
United States

Yale University - Law School ( email )

P.O. Box 208215
New Haven, CT 06520-8215
United States

Do you have a job opening that you would like to promote on SSRN?

Paper statistics

Abstract Views
PlumX Metrics