Cybersecuring the Pipeline
47 Pages Posted: 8 Apr 2022 Last revised: 19 Apr 2023
Date Written: March 29, 2022
The Colonial Pipeline ransomware attack, which shut down gas supply to the entire East Coast back in May 2021, has sparked the debate as to the regulation of the pipeline’s cybersecurity. After ten years of inaction on the matter, the Transportation Security Administration (TSA) has issued two mandatory directives on pipeline cybersecurity. This Article delves into the propriety of the TSA as a pipeline security regulator, as well as the incomplete and ineffective approach currently laid out in the TSA’s pipeline cybersecurity directives. This Article argues that there may be other agencies more suitable for the task, such as the Federal Energy Regulatory Commission, acting under the auspices of the Department of Energy. It also provides specific recommendations as to the substance of any prospective pipeline cybersecurity regulation, such as the creation of more open-ended and flexible cybersecurity objectives as opposed to the current approach of prescriptive standards.
Keywords: colonial pipeline, cybersecurity law, TSA, pipeline cybersecurity, oil and gas, energy law
Suggested Citation: Suggested Citation