In the latest fallout from the Colonial Pipeline cybersecurity incident this spring, the U.S. Department of Homeland Security (DHS) has issued additional cybersecurity requirements for critical pipeline operators.
Citing an “ongoing cybersecurity threat against pipeline systems,” DHS is now urging operators to implement “urgently needed protections against cyber intrusions.”
With the Colonial incident ranking as one of the highest-profile cybersecurity incidents of the year in the U.S., this has prompted further investigation into the viability of cybersecurity measures throughout the industry.
A second directive issued by DHS indicates there is growing concern that operators, in general, are not adequately prepared to defend against more advanced threats.
Recommended Actions to Defend Against Cybersecurity Threats
The latest DHS security directive included specific actions that critical pipeline operators should take. While not every operator falls within the “critical” category, we recommend that each operator strongly consider implementing the following mitigation measures that DHS recommended:
- Protect against ransomware attacks and other known threats to IT and OT systems.
- Conduct a cybersecurity architecture design review.
- Develop and implement a cybersecurity contingency and recovery plan.
After the contingency and recovery plan is developed, we recommend taking additional actions. Specifically, provide training on the plan to the appropriate parties in your pipeline operation and also communicate the plan to external stakeholders.
Everyone plays a role in cybersecurity response, including contractors that have access to your systems and emergency response teams that need to be looped into your operation’s policies and procedures for cybersecurity response.
Taking countermeasures now will help your operation defend against rising threats from cyber attackers and minimize risks associated with a potential campaign launched against your operation.
How EnerSys Can Support Your Cybersecurity Defense
Through our technical expertise as a provider of pipeline control room management software, we can review your operation’s current use of technology to identify areas of concern. We’ll also review the architecture design of your systems to identify any potential vulnerabilities that could be exploited by a threat actor.
Through the combination of our subject matter expertise and our ComplyMgr software module, we can perform a gap analysis of your entire technology profile. After performing the assessment, we’ll help you determine the appropriate steps to build a stronger cyber defense and implement countermeasures against cyber threats.
Now is the time to act. Call us at 281-598-7100 to schedule your assessment. Alternatively, email sales@enersyscorp.com or complete our website contact form to get started. Ask for Dale Schafer or Ross Adams.