9Business Cyber ImpactsBusiness Cyber Impacts (0)
4In The NewsIn The News (2)
3Press ReleasePress Release (3)
1Regulation / ComplianceRegulation / Compliance (4)
8Small and Mid-MarketSmall and Mid-Market (0)
5Thought LeadershipThought Leadership (2)
201901January1January 2019 (1)
201812December1December 2018 (1)
201811November3November 2018 (3)
201808August2August 2018 (2)
201807July1July 2018 (1)
201804April1April 2018 (1)
201803March3March 2018 (3)
201802February1February 2018 (1)
Cyber attacks and regulation of the pipeline industry
Hackers last week infiltrated a communications platform provided by Energy Services Group LLC, which Bloomberg reports impacted five pipeline operators. This has provided increased focus to an ongoing thrust for cybersecurity regulation of the energy industry and its subset, the pipeline industry. In February, Energy Department Secretary Rick Perry announced that $96 million in funding would be used to create an office to address cyber threats to energy. Further, congressmen and senators on both sides of the aisle have been pushing for increased regulation in the last few years, increasing in the last few months.
"These attacks are a wake-up call that addressing our aging energy infrastructure needs to be a priority …Bad actors are looking at any way to weaken the American energy sector.” - U.S. Rep. Robert Latta, R, Ohio of the House Committee on Energy and Commerce, stated in an email sent on April 5th.
This should be a matter of concern to owners and managers of pipeline companies and their suppliers, as this is a similar path taken to the mandatory NERC CIP regulations of the power industry. Even though the NIST framework laid out by the TSA for the pipeline industry is currently voluntary, so too were the NERC standards before March 2007. When regulation does come, it is almost a certainty that the regulations will mirror or at least closely follow the current TSA NIST framework. This presents an opportunity for pipeline companies to get ahead of the curve and begin implementing a cybersecurity structure now. Not only will doing so help prevent costly cyber attacks and increase asset value, but a slow, incremental run-up to compliance is much cheaper and easier than the last minute scramble seen in the US defense industry and its suppliers with DFARS and international companies and their suppliers with GDPR.
While getting started early will save companies money in the long run, creating a cybersecurity program is still a long and costly endeavor. Thankfully, there are alternatives to simply re-creating the big, expensive cybersecurity departments of the largest companies. SecurityGate has created an automated platform that allows companies to assess, manage and remediate their cyber risk according to any compliance standard in any field, including the voluntary (for now) TSA pipeline cybersecurity NIST based framework. This platform drastically reduces the cost and time necessary to implement cybersecurity for your company. Click here for a demonstration.