In May, Colonial Pipeline was targeted by a ransomware attack that led to a shutdown of their pipeline assets covering most of the Eastern U.S. According to Pipeline & Gas Journal, this was the most disruptive pipeline cyberattack on record, as it prevented millions of barrels of product from flowing through pipelines from the Gulf Coast to the East Coast.
This cybersecurity incident led to gas shortages across the East Coast, to the payment of a multi-million dollar ransom to restore the computer network that was held hostage and to prevent the release of sensitive information, and to the U.S. Department of Homeland Security (DHS) issuing new cybersecurity requirements for pipeline operators.
[Listen to this special edition of the Pipeliners Podcast covering the immediate fallout from the Colonial cybersecurity incident.]
On May 27th, DHS announced a security directive “that will enable the Department to better identify, protect against, and respond to threats to critical companies in the pipeline sector.”
The question for pipeline operators is how this directive affects current operations and what you can do to better ensure the security of your pipeline assets.
How the DHS Directive Affects Pipeline Operations
According to the security directive issued by DHS, critical pipeline owners and operators are now required to “report confirmed and potential cybersecurity incidents to the DHS Cybersecurity and Infrastructure Security Agency (CISA).” This report should be sent as soon as practicable, but no later than 12 hours after the threat is identified.
DHS is also requiring that affected operators designate a Cybersecurity Coordinator who must be available around the clock (24/7) to monitor and report threats.
A further requirement is that affected pipeline operators review their current cybersecurity practices, identify gaps, and measure cybersecurity risks. After performing this gap analysis, operators are expected to report their findings to CISA by June 27th.
While some operators may not fall into the “critical operators” category, we recommend that all operators take this directive as an opportunity to assess their cybersecurity programs and work toward closing any gaps.
Performing an assessment is also important for all operators because the Transportation Security Administration (TSA) division within the Department of Transportation (DOT) is considering introducing mandatory pipeline cybersecurity measures.
According to the DHS announcement, the potential measures will be designed to enhance pipeline cybersecurity by strengthening the public-private partnership that is “critical to the cybersecurity of our homeland.” As part of the initiative, DHS plans to continue working closely with the private sector to support pipeline operations and “increase the resilience of our nation’s critical infrastructure.”
Action to Take: Reviewing the Cyber-Integrity of Pipeline Assets
Pipeline operators of all sizes should review the key lessons learned from the Colonial cybersecurity incident, work toward applying the lessons learned to their operation, and perform an internal review of current cybersecurity vulnerabilities. Ask some critical questions to evaluate your cyber-readiness:
- Review your current technology — is software updated and secure?
- Review your current SCADA platform — is it outdated or not fit for purpose?
- Review your current pipeline assets — can you account for every mile of pipe in the field?
- Review your human capabilities — is your team trained on how to identify a potential cyber attack?
- Review your policies and procedures — does your team know how to respond to a cyber attack?
- Review your recordkeeping and documentation — do you have a method of recording and reporting your operation’s response to a cybersecurity incident?
- Review your current systems — do you have the appropriate tools to support cybersecurity?
Your operation may be strong in some areas, but not others. That’s where we can come in and provide subject matter expertise reviewing your current cybersecurity strengths and weaknesses. Through our gap analysis, we can provide recommendations on how to reinforce areas of strength and elevate areas of weakness.
Now is the time to act, as cyber-attacks on industrial companies such as pipeline operators are expected to continue to rise. Let’s make sure your operation is prepared to form a strong defense against cyber attackers.
Contact us today to discuss a gap analysis of your pipeline operation utilizing our ComplyMgr software module. We can also perform an assessment of your current SCADA system to determine if it’s the right fit for your operation.