The cars lined up for hours at gas stations in the southeast of the nation, amid the shutdown of the Colonial pipeline due to a ransomware attack, underscoring the continuing threat of cyberattacks.
The American Petroleum Institute reported to the media this week that the incident underscores the vital importance of maintaining the country’s pipeline infrastructure and developing additional pipeline infrastructure. The industry association also noted that cyber threats are nothing new in pipelines, in fact in any sector.
Any new regulations aimed at tackling the cybersecurity of the pipelines would be premature, according to the association, which says flexibility is needed to allow companies to address ever-evolving technology, hardware and threats.
A spokesman for the Interstate Natural Gas Association of America told Reporter-Telegram by email: “Natural gas pipelines are a critical infrastructure that moves a third of the energy consumed daily in the United States. INGAA member companies work 24 hours a day to protect and safeguard this vital transportation network and the technological systems that operate it to ensure a secure and reliable energy supply to the hundreds of millions of Americans who rely on We. The cybersecurity protections of our members include the implementation of standards set by TSA and NIST, field assessments administered by CISA, intelligence exchange with numerous government and industry partners, and establishing a culture of security within their organizations. with all employees active in the prevention of cybersecurity threats. .
“Following the cybersecurity attack on Colonial Pipeline, our members began monitoring their systems with enhanced surveillance and taking actions such as verifying whether cybersecurity protections and backups were operational and scanning their systems for get indications of the type of intrusion that was reported to have affected Colonial.We do not know any impact on natural gas pipelines as a result of this cyberattack.As we learn more about this recent event in the coming days and weeks, INGAA members are committed to continuing our efforts to identify and implement opportunities to further enhance our cybersecurity programs. “
Pipes have tried to make sure they have taken and continue to take steps to protect their infrastructure from threats.
Kinder Morgan, owner of Pipe Products (SE), formerly Plantation Pipe Line Company, said the pipeline is still online and in full service and is currently working with customers to accommodate additional barrels during downtime. Colonial.
“We will continue to work according to industry best practices and in coordination with our customers and regulators as the situation evolves,” the company told Reporter-Telegram in a statement.
Energy Transfer told Reporter-Telegram in an email statement that the company “has a robust cybersecurity program that is deployed at all levels of the company to keep our assets safe. Ongoing training, strong identity and access management structures, supply chain security assessments, endpoint protection, network segmentation and a security operations center work together to ensure the confidentiality, integrity and availability of our systems. “
Energy Transfer also cited its cybersecurity initiatives on the home page of its website after the colonial pipeline closed.
Asked what impact a similar attack on a crude oil or natural gas pipeline would have, Rob Roberts, director of the Opportune LLP process and technology group, told Reporter-Telegram in a telephone interview that a shutdown of crude would have an impact softer. He explained that crude is very much in the supply chain and that refineries have a supply cushion that would mitigate any impact for a couple of weeks.
As for natural gas pipelines, he said the jeans tested a possible closure in February thanks to the Uri winter storm.
“Depending on the season and where it was located (the attack), it would have an impact on power generation,” Roberts said. “Even in the summer, ERCOT now has difficulty balancing supplies if a ground floor.”
Larger companies deal with cybersecurity, he said. The industry has undergone a technological transformation, adopted digital technology, and placed cybersecurity at the forefront of its efforts, training employees and hardening systems.
“Many organizations launch their own fishing attacks to test employees,” he said.
Technology is changing so rapidly, he said, that by the time the proposed legislation to address specific threats leaves the committee, those threats have become obsolete.
Other challenges include the piping systems themselves. The Colonial pipeline is 550 miles, but Roberts noted that there are shorter lines that interconnect with it along the route. Kinder Morgan mentioned his PPL line and Roberts noted that it was about merging pipes with different systems, meaning information technology management had to cover “10 bases instead of two”.
Today it is impossible to disconnect the oil patch: drilling rigs, pumping units and tank batteries can send data to engineers and geologists hundreds, if not thousands of miles away. And companies up and up can also communicate using digital technology.
Without strong and constantly evolving cybersecurity, Roberts warned that interconnection “could be its downfall.”