Strengthening Pipeline Cybersecurity: Safeguarding Critical Infrastructure

The importance of robust cybersecurity measures for pipeline operations has come to the forefront in recent years. Ensuring the security of these assets is vital to safeguard against potential cyber threats and disruptions. In this blog post, we’ll explore key cybersecurity considerations and recommended actions for pipeline operators, emphasizing proactive cybersecurity practices.

The Urgency of Strengthening Pipeline Cybersecurity

In May 2021, Colonial Pipeline faced a significant ransomware attack that forced a shutdown of their pipeline network, causing major disruptions across the Eastern U.S. This incident, as reported by Pipeline & Gas Journal, marked the most disruptive cyberattack on a pipeline ever, halting the flow of millions of barrels of products from the Gulf Coast to the East Coast.

The fallout from this cybersecurity breach resulted in gas shortages along the East Coast, a substantial ransom payment to regain control of the network, and prompted the U.S. Department of Homeland Security (DHS) to introduce new cybersecurity regulations for pipeline operators. Despite occurring over two years ago, the industry is still learning from this incident. 

Key requirements from the directive include reporting potential and confirmed cybersecurity incidents, designating a 24/7 Cybersecurity Coordinator, and conducting cybersecurity practice reviews with remediation measures.

These cybersecurity recommendations from the U.S. Department of Homeland Security (DHS) aim to fortify cybersecurity defenses as a response to the growing threats against pipeline systems.

The Transportation Security Administration (TSA) operates under the umbrella of the Department of Homeland Security (DHS). While the TSA’s main focus is on ensuring the security of transportation systems, the TSA also issues directives and regulations for the pipeline industry to enhance national security by mitigating risks associated with the transportation of hazardous materials and potential threats like sabotage or cyberattacks. The DHS has a broader mandate covering homeland security in various aspects.

2023 Cybersecurity Directive Updates

In July of 2023, the TSA released an updated directive in a continued effort to reinforce the industry’s cybersecurity preparedness.

This security directive mandates that pipeline system owners and operators specified by the TSA must take essential measures to prevent disruptions and deterioration of their infrastructure. The updated requirements in the security directive include:

• Submitting an updated Cybersecurity Assessment Plan to the TSA for review and approval on an annual basis.
• Annually reporting the outcomes of assessments conducted in the previous year, along with a schedule for evaluating and auditing specific cybersecurity measures to ensure their effectiveness. The TSA mandates that 100% of security measures be assessed every three years.
• Conducting tests for at least two Cybersecurity Incident Response Plan (CIRP) objectives and involving individuals in roles identified in the CIRP in their mandatory annual exercises.

Recommended Actions for Pipeline Cybersecurity

While not every operator is categorized as critical^*, all should consider implementing the following cybersecurity measures recommended by DHS:

1. Protect Against Ransomware and Known Threats: Defend against ransomware attacks and other known threats to both IT and OT (Operational Technology) systems. Employ robust security measures to mitigate these risks.
   • This could include building a comprehensive incident response plan and testing it regularly, regular software patching, network segmentation, security training, or restricting access control.

2. Cybersecurity Architecture Review: Conduct a comprehensive review of your cybersecurity architecture. Identify vulnerabilities that could be exploited by threat actors and take steps to address them.
   • Review this Pipeline Cybersecurity Fact Sheet for more information.

3. Cybersecurity Contingency and Recovery Plan: Develop and implement a contingency and recovery plan specifically tailored to cybersecurity incidents. This plan should outline procedures for responding to threats effectively.
   • To view TSA’s security directives and guidance documents, please visit: the TSA Cybersecurity Toolkit.

4. Training and Communication: After developing the contingency and recovery plan, ensure that relevant personnel within your pipeline operation receive training on its implementation. Communicate the plan to external stakeholders as well.

*From the TSA:

“A pipeline facility is considered critical if it provides primary service to designated critical infrastructure and is determined by the operator to be a “single point of failure” (i.e., does not have redundancy or systematic backup). TSA defines a single point of failure as a facility that if rendered inoperable would degrade service to critical infrastructure to the point that the infrastructure would not be able to satisfactorily perform its critical mission.”

Read more about the TSA Pipeline Security Guidelines

A Holistic Approach to Pipeline Cybersecurity

Effective cybersecurity is a collective effort that involves various aspects of your pipeline operation:

• People: Educate your staff about cybersecurity and their role in maintaining good cybersecurity hygiene. Encourage practices like regular password updates and avoiding password reuse.
• Alerting: Implement an alerting system for reporting suspicious activities promptly. Ensure your systems have built-in alerting functionality to inform IT leaders of unusual events.
• Hardware and Software: Keep all hardware and software up to date and adequately protected. Identify and secure legacy systems that are no longer in use.
• Systems: Regularly update software and applications, ensuring they are patch-current. Disable unused legacy VPNs to reduce vulnerabilities.
• Communication: Optimize network communication from the field to the control room and prioritize data protection.
• Data Backups: Maintain robust data backup procedures and regularly test them to ensure quick recovery in case of a cyber attack.

Taking Action: Reviewing Cybersecurity Readiness

Pipeline operators should review their technology, SCADA platforms, assets, human capabilities, policies, recordkeeping, and systems. Identify strengths and weaknesses, and seek expert assistance for gap analysis and recommendations regarding their cybersecurity posture. As cyber threats against industrial companies continue to rise, it’s crucial to act proactively to strengthen your operation’s defense against potential cyber attackers. By implementing these cybersecurity measures, the pipeline industry can enhance the security of critical infrastructure and reduce the risk of disruptive incidents. Prioritizing cybersecurity is essential to ensure the continued safe and efficient operation of pipeline systems.

Enhance Your Pipeline Cybersecurity with Our Expertise

At EnerSys, we offer comprehensive solutions to strengthen your pipeline operation’s cybersecurity. Our expertise in pipeline control room management software and cybersecurity makes us your trusted partner in defending against cyber threats.

Evaluate Your Technology Challenges

Are you concerned about the cybersecurity readiness of your operation? In an era where cyber attackers are constantly seeking vulnerabilities, it’s crucial to ensure your defense is robust. Let us help you assess your current technology challenges and cybersecurity readiness.

Gap Analysis for Cyber Defense

Our approach combines our ComplyMgr software module and subject matter expertise to conduct a thorough gap analysis of your technology profile. This assessment identifies potential vulnerabilities that threat actors could exploit. We then guide you in taking the necessary steps to fortify your cyber defense.

Contact Us for Expert Support

Ready to enhance your pipeline cybersecurity? Reach out to our experts, Dale Schafer or Ross Adams, for a consultation. We’re here to assist you in safeguarding your pipeline operation against cyber threats.

Call us at 281-598-7100, email sales@enersyscorp.com, or complete our website contact form to schedule an assessment and take proactive steps in securing your critical infrastructure.