Cybersecuring the Pipeline

Kilovaty, Ido

Download This Paper

Open PDF in Browser

Add Paper to My Library

Cybersecuring the Pipeline

Houston Law Review, Vol. 60, 2023

47 Pages Posted: 8 Apr 2022 Last revised: 19 Apr 2023

See all articles by Ido Kilovaty

Ido Kilovaty

University of Arkansas, Fayetteville - School of Law; Yale University - Law School

Date Written: March 29, 2022

Abstract

The Colonial Pipeline ransomware attack, which shut down gas supply to the entire East Coast back in May 2021, has sparked the debate as to the regulation of the pipeline’s cybersecurity. After ten years of inaction on the matter, the Transportation Security Administration (TSA) has issued two mandatory directives on pipeline cybersecurity. This Article delves into the propriety of the TSA as a pipeline security regulator, as well as the incomplete and ineffective approach currently laid out in the TSA’s pipeline cybersecurity directives. This Article argues that there may be other agencies more suitable for the task, such as the Federal Energy Regulatory Commission, acting under the auspices of the Department of Energy. It also provides specific recommendations as to the substance of any prospective pipeline cybersecurity regulation, such as the creation of more open-ended and flexible cybersecurity objectives as opposed to the current approach of prescriptive standards.

Keywords: colonial pipeline, cybersecurity law, TSA, pipeline cybersecurity, oil and gas, energy law

Suggested Citation: Suggested Citation

Kilovaty, Ido, Cybersecuring the Pipeline (March 29, 2022). Houston Law Review, Vol. 60, 2023, Available at SSRN: https://ssrn.com/abstract=4070074