Federal agencies teamed up with U.S. oil and gas industry representatives to develop a pipeline cybersecurity initiative that aims to take a systematic approach to protecting and securing critical infrastructure.
The U.S. Department of Homeland Security and the U.S. Department of Energy — working with the Oil and Natural Gas Subsector Coordinating Council, a group that works to coordinate between the private and public sectors on infrastructure protection — plan to make use of the cybersecurity resources at the DHS' National Protection and Programs Directorate, or NPPD, which focuses on resilience for the nation's physical and cyber infrastructure, along with the DOE's energy sector expertise and the Transportation Security Administration's pipeline security awareness. As a mode of transportation, pipelines fall under the TSA when it comes to overseeing their security.
Christopher Krebs, the DHS undersecretary in charge of the NPPD, said a meeting among the agencies and the industry representatives was a "key milestone" that helped all the participants get a broader understanding of the cyberrisks the sector faces. "Collaborative efforts like this allow us to better understand the threat landscape and direct more targeted and prioritized risk management activities," Krebs said in a statement.
The American Petroleum Institute welcomed the pipeline cybersecurity initiative, lauding its collaborative nature and the agencies' willingness to work with industry to understand how cyber threats affect the sector. The initiative "recognizes that as cyber threats continue to evolve and become more sophisticated, so too must our energy infrastructure," Robin Rorick, the group's midstream director, said in a statement.
"This is a complicated and continually changing issue, and it will be best managed through a coordinated approach between industry and the federal government," Rorick said. "API members continue to invest in the security of their systems, and we are pleased to see a commensurate level of attention from our government partners as we confront increasingly sophisticated nation-state based threats."
The domestic energy sector increasingly finds itself up against nation-states in an escalating cyber war, and legislators and industry experts have said that public-private collaboration is essential to combat the threat.
Earlier in 2018, the DHS also created the National Risk Management Center to serve as a central body to coordinate protection and develop a "government/industry playbook" across multiple sectors.
The pipeline sector is a well-known target for cyber attackers. For instance, a third-party data system used by various energy companies for scheduling gas flows on pipelines was attacked in April. This event highlighted the vulnerability that companies can expose themselves to when they inevitably engage an outside entity to manage some part of their business.
Experts have also pointed to uneven cyber protections across the sector as another concerning vulnerability, especially as the cyber and physical parts of energy systems have gotten more intertwined.