
Analysis-Cyberattack Exposes Lack of Required Defenses on U.S. Pipelines

But the country’s 2.7 million miles (4.3 million km) of oil, natural gas and hazardous liquid pipelines have only voluntary measures, which leaves security up to the individual operators, experts said.

“Simply encouraging pipelines to voluntarily adopt best practices is an inadequate response to the ever-increasing number and sophistication of malevolent cyber actors,” Richard Glick, the chairman of the Federal Energy Regulatory Commission (FERC), said.

Protections could include requirements for encryption, multifactor authentication, backup systems, personnel training and segmenting networks so access to the most sensitive elements can be restricted.

FERC’s authority to impose cyber standards on the electric grid came from a 2005 law but it does not extend to pipelines.

Colonial Pipeline, the largest U.S. oil products pipeline and source of nearly half the supply on the East Coast, has been shut since Friday after a ransomware attack the FBI attributed to DarkSide, a group cyber experts believe is based in Russia or Eastern Europe.

The outage has led to higher gasoline prices in the U.S. South and worries about wider shortages and potential price gouging ahead of the Memorial Day holiday.

Colonial did not immediately respond to a query about whether cybersecurity standards should be mandatory.

The American Petroleum Institute lobbying group said it was talking with the Transportation Security Administration (TSA), the Energy Department and others to understand the threat and mitigate risk.

THIN STAFFING

Cyber oversight of pipelines falls to the TSA, an office of the Department of Homeland Security (DHS), which has provided voluntary security guidelines to pipeline companies.

But a 2019 report by the General Accountability Office, the congressional watchdog, said that the TSA only had six full-time employees in its pipeline security branch through 2018, which limited the office’s reviews of cybersecurity practices.

The TSA did not immediately respond to a request for comment on current staffing and whether it recommends mandatory measures for pipelines.

When asked by reporters whether the Biden administration would put in place rules, DHS Secretary Alejandro Mayorkas said it was discussing administrative and legislative options to “raise the cyber hygiene across the country.”

President Joe Biden is hoping Congress will pass a $2.3 billion infrastructure package, and pipeline requirements could be put into that legislation. But experts said there was no quick fix.

“The hard part is who do you tell what to do and what do you tell them to do,” Christi Tezak, an analyst at ClearView Energy Partners, said.

U.S. Representatives Fred Upton, a Republican, and Bobby Rush, a Democrat, said on Wednesday they have reintroduced legislation requiring the Department of Energy to ensure the security of natural gas and hazardous liquid pipelines. Such legislation could get folded into a wider bill.

The power grid is regulated by FERC, and mostly organized into nonprofit regional organizations. That made it relatively easy for legislators to put forward the 2005 law that allows FERC to approve mandatory cyber measures.

A range of public and private companies own pipelines. They mostly operate independently and lack a robust federal regulator.

Their oversight falls under different laws depending on what they carry. Products include crude oil, fuels, water, hazardous liquids and – potentially – carbon dioxide for burial underground to control climate change. This diversity could make it harder for legislators to impose a unified requirement.

Tristan Abbey, a former aide to Republican Senator Lisa Murkowski who worked at the White House national security council under former President Donald Trump, said Congress is both the best and worst way to tackle the problem.

“Legislation may be necessary when jurisdiction is ambiguous and agencies lack resources,” said Abbey, now president of Comarus Analytics LLC.

But a bill should not be seen as a magic wand, he said. “Standards may be part of the answer, but federal regulations need to mesh with state requirements without stifling innovation.”

(Reporting by Timothy Gardner; Editing by Cynthia Osterman and Marguerita Choy)

