[20210524]IN11683_关键基础设施政策：殖民管道攻击后的信息共享和披露要求.pdf

CRS INSIGHT Prepared for Members and Committees of Congress INSIGHTINSIGHTi i Critical Infrastructure Policy: Information Sharing and Disclosure Requirements After the Colonial Pipeline Attack May 24, 2021 The ransomware attack against the Colonial Pipeline Company spurred panic buying and fuel shortages along the Eastern Seaboard. Although the attack did not target pipeline control systems, it forced the temporary suspension of fuel shipments via a major pipeline network, according to a company statement. The Biden Administration announced Executive Order (E.O.) 14028 (the EO), “Improving the Nations Cybersecurity” on May 12, 2021, framing it as a response to the pipeline incident and other recent cyberattacks. While the EO creates requirements that apply to federal agencies and government contractors, the Administration hopes that these actions will have a secondary effect of improving cybersecurity among critical infrastructure companies. An official, briefing reporters about E.O. 14028, said, “Anybody doing business with the U.S. government will have to share incidents so that we can use that information to protect Americans more broadly.” Asked whether the Administration would