Reuters Legal: O’Melveny’s Dermody on New Cybersecurity Directives For Critical Pipelines

August 03, 2021

The Department of Homeland Security (DHS) has increased cybersecurity for the 2.6 million miles of oil and gas pipelines that crisscross the United States by issuing its second pipeline security directive to address the vulnerabilities of pipelines to ransomware attacks since the Colonial Pipeline hack in May. Reuters Legal interviewed O’Melveny counsel and former legal advisor for DHS John Dermody about the new initiative.

Dermody outlined some of the new additions in the second directive, including “[t]he requirement to have to report to DHS within 12 hours of an incident,” and “[t]he requirement to designate a singular point of contact that the government can work with to respond to a particular incident.”

Because the new directive does not specify compliance mechanisms, Dermody added, an important question remains: “How productive is it going to immediately jump out of the gate with fining companies for noncompliance when you are very much adopting sort of a novel regulatory approach?” 

Read the full article here.