After Colonial hack, pipeline sector faces government scrutiny | #government | #hacking | #cyberattack

WASHINGTON – The ransomware attack on the East Coast’s Colonial Pipeline has raised the prospect of increased government oversight of cybersecurity in the U.S. energy sector, amid questions of the vulnerability of a loosely regulated network of pipelines, oil wells and other infrastructure to sophisticated cybercriminals.

The energy industry, centered in Texas, is critical to keeping cars and trucks moving and power plants running. But companies’ cybersecurity measures are uneven, experts said. While the biggest companies, such as Exxon Mobil or the Houston pipeline giant Kinder Morgan tend to be well protected, small and mid-size firms have less sophisticated defenses, providing enticing targets for hackers.

“If you’re handling a lot of product and you have a lot of cash flow, the expectation would be you’re going to spend on cybersecurity, but not everyone is at the same strategic level as an organization like Exxon or Chevron,” said Charles McConnell, a former U.S. assistant energy secretary now at the University of Houston. “The question you have to ask is, ‘Does the federal government need to step in to protect the folks that can’t protect themselves?’”

That question is particularly relevant in Houston and along the Gulf Coast, home to thousands of miles of pipelines and one of the world’s biggest concentrations of oil refiners, chemical makers and liquefied natural gas exporters.

Colonial, a joint venture between energy and investments firms including Koch Industries, Kohlberg Kravis Roberts and Royal Dutch Shell, said Friday that hackers broke into its computer network and threatened to delete critical customer data and make public other potentially sensitive information unless the company paid an undisclosed ransom.

The company then shut down the more than 5,000-mile-long pipeline, cutting off almost half the fuel supply of the East Coast. Fuel prices are stable so far, but that could change if Colonial does not return the line to service soon, analysts said.

The details of the attack, including how hackers got into the system, remain private. But the extent of Colonial’s cybersecurity measures is likely to come under scrutiny in the weeks and months ahead, as federal officials investigate.

At a White House briefing Monday, national security officials outlined a series of moves by the Biden administration to offer aid to critical industries such as energy, health care and transportation.

“This weekend’s events put the spotlight on the fact this nation’s infrastructure is largely operated by private companies, and when they are attacked, we depend on the effectiveness of their defenses,” said Deputy National Security Adviser Liz Sherwood-Randall.

Colonial said Saturday it had retained a “leading, third-party cybersecurity firm” and was “taking steps to understand and resolve this issue,” but so far has offered limited information on what went wrong.


For years, cybersecurity experts have warned that U.S. infrastructure, with its hodgepodge of private firms operating independently, remain particularly vulnerable to cyberattack by both criminals and nations such as China and Russia.

Some have advocated for a more centralized system, with government effectively providing cybersecurity for industry.

On Monday, Federal Energy Regulatory Commission Chairman Richard Glick and Commissioner Allison Clements, both Democrats, called for minimum standards for cybersecurity on oil and gas pipelines, like those in place for power companies.

“Simply encouraging pipelines to voluntarily adopt best practices is an inadequate response,” they said.

Thomas Fanning, CEO of the Atlanta-based power firm Southern Co., told the New York Times in a recent interview that the United States needed a national cyberdefense system similar to systems developed during the Cold War to protect against Soviet missile attacks.

“A real-time view of that battlefield that allows cybercommand to see my critical systems at the same moment and the same time I see them,” he said. “Sharing isn’t fast enough. It’s not comprehensive, and you can’t rely on it on matters of national security.”

Original Source link

Leave a Reply

Your email address will not be published.

sixty four − = 62