The pipeline regulations, which add to those governing the electric sector, have some lawmakers and administration officials wondering if more regulations are necessary.
Easterly said it was apparent “that voluntary standards are probably not getting the job done” in terms of prompting adequate cybersecurity protections at critical infrastructure firms.
“There probably is some sort of role for making some of these standards mandatory, to include notification,” she added. “I do think it’s important that if there’s a significant cyber incident, that critical infrastructure companies have to notify the federal government, in particular CISA. We have to be able to warn other potential victims.”
Previous Post
Next Post
