House of Reps, TSA Tackle Cybersecurity in the Energy Industry

Pierce Atwood LLP

Pierce Atwood LLP

This week, the House of Representatives approved three measures aimed at improving cybersecurity in the energy industry:

  • Energy Emergency Leadership Act. This Bill requires the Secretary of Energy to assign energy emergency and cybersecurity responsibilities to an Assistant Secretary, including responsibilities regarding infrastructure and cybersecurity.
  • Cyber Sense Act of 2021. This Bill encourages coordination between the Department of Energy and electric utilities. It also requires the Department of Energy to test products and technologies intended for use in the bulk power system.

These measures, which will now move to the Senate, are in response to the slew of recent cybersecurity attacks against critical U.S. infrastructure, including the ransomware attacks on Colonial Pipeline and JBS USA. You can find our previous post on the Colonial Pipeline cyberattack and the Federal Government’s response here.

In addition to the recent legislative efforts, the Department of Homeland Security’s (“DHS”) Transportation Security Administration (“TSA”) announced on July 20 a new security directive requiring owners and operators of critical pipelines transporting hazardous liquids and natural gas to implement urgently needed protections against cyber intrusions. The directive is in response to the “ongoing cybersecurity threat to pipeline systems” and follows the security directive issued by the TSA in May, immediately following the Colonial Pipeline cyberattack.

The new directive requires owners and operators of critical pipelines to develop and implement a cybersecurity contingency and recovery plan and conduct a cybersecurity architecture design review. The first security directive requires critical pipeline owners and operators to: 1) report confirmed and potential cybersecurity incidents to the Cybersecurity and Infrastructure Security Agency (“CISA”); 2) designate a Cybersecurity Coordinator to be available 24/7; 3) review current practices; and 4) identify any gaps and related remediation measures to address cyber-related risks and report the results to TSA an CISA within 30 days.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Pierce Atwood LLP | Attorney Advertising

Written by:

Pierce Atwood LLP

Pierce Atwood LLP on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide

This website uses cookies to improve user experience, track anonymous site usage, store authorization tokens and permit sharing on social media networks. By continuing to browse this website you accept the use of cookies. Click here to read more about how we use cookies.