Biden Energy Chief Says Cyber Rules May Be Needed for Pipelines

(Bloomberg) -- Mandatory cybersecurity requirements for pipeline operators may be needed, U.S. Energy Secretary Jennifer Granholm told lawmakers Wednesday as questions persisted about a ransomware attack that paralyzed the nation’s biggest gasoline pipeline last week.

Granholm’s remarks could be a hint the Biden administration will use its authority to set cyber regulations that have long been opposed by the pipeline industry in favor of voluntary measures.

While the Federal Energy Regulatory Commission has used its authority to set cybersecurity standards for the electric grid. The Transportation Security Administration, the federal agency charged with protecting the nation’s pipelines, has instead relied on voluntary best practices and self-reporting by the industry.

“One wonders whether it is time we match what we are doing on the electric side with what we do on the pipeline side,” Granholm said in response to a question while testifying on the agency’s budget request before a House panel.

The TSA didn’t immediately respond to a request for comment on Granholm’s comments. On Monday the agency declined to comment on if it planned any new rules in light of the attack on the Colonial Pipeline.

Granholm, responding to a question from Representative Fred Upton, a Michigan Republican, said the current requirements for critical energy infrastructure are “inadequate.”

“I think that this is an example, potentially, of that,” Granholm said.

“If we had standards in place would this particular ransomware attack been able to happen? I’m not 100% sure,” she said. “For entities that provide service to the public like that especially critical services like energy I think it’s an important consideration for this committee, for sure.”

Colonial Pipeline Co. halted operations on the 5,500-mile (8,851.4 kilometers) pipeline system, a critical supply of gasoline and other refined products to New York and other cities along the east coast, after it fell victim to a ransomware attack earlier this month. Fuel shortages continue to plague some cities and towns as Colonial works to fully restore the pipeline that supplies almost half the East Coast’s fuel.

Lawmakers are preparing a legislative response to the attack that could mandate new requirements for the pipeline sector, which has for years resisted efforts to regulate cybersecurity.

“This incident shows we have to do more to protect our nation’s energy infrastructure,” said Representative Frank Pallone, a New Jersey Democrat who chairs the House Energy and Commerce Committee. “I believe it’s time we consider mandatory enforceable reliability standards for our nation’s pipeline network.”