This post is not meant to endorse specific agencies or companies, nor is it meant to support any specific piece of legislation. Rather, we just wanted to begin a much-needed conversation about cyber security and our nation’s pipelines.
We are all aware of the acute threats from hackers and of their ability to wreak havoc, disrupt infrastructure, and compromise data integrity. And the threat to the oil and gas industry is no less.
The US has the largest network of energy pipelines in the world, with more than 2.7 million miles of pipe. A cybersecurity breach within the pipeline environment could have a tremendous impact, from compromised data creating competitive disadvantages to automated pressure changes causing catastrophic physical disruptions.
So what has happened and what is being done?
With such thin oversight, it’s in an operator’s best interest to be proactive and develop an effective and well thought out strategy to protect their data and assets.
According to cybersecurity solutions architect, Mike Baldi, the TSA recommends that pipeline operators should properly identify both critical and non-critical facilities during the design and development of their security program. Only then can the most vital assets be given the highest security protection.
As stated by the TSA, pipeline owners should adopt:
baseline security measures to protect non-critical facilities. For critical facilities, they should perform a security vulnerability assessment to identify, evaluate and prioritize risks. The outcome of this assessment will determine the appropriate security measures required to properly mitigate or reduce risks. The security vulnerability assessment may include asset characterization, threat assessment, vulnerability assessment, risk determination and possible countermeasures to reduce the risk.
The time is now, get ahead of the curve and don't wait for something to go wrong.