After Crippling Colonial Pipeline Cyber Attack, Industry Still Resists Incident Reporting Requirements

Following the recent Colonial Pipeline ransom attack, there is a push in Congress for new pipeline security legislation, but the bill now on the table is weak, according to an American Public Media Marketplace report. It differs significantly from corresponding legislation in the airline and utility industries, where major problems get reported to regulators and will be investigated as part of an effort to avoid problems in the future. Pending legislation recommends that pipelines companies share incident information with other companies, as well as the Transportation Security Administration, but there is no requirement they do so. That is the trade group International Pipeline Resilience Organization prefers to have it. “The IPRO model enables pipelines to volunteer for an appropriate level of scrutiny,” says a statement on its website. Currently, according to a survey by law firm Jones Walker, eight percent of pipeline companies share information with industry and government.