The latest cyber incident to hit the oil and gas sector caused North American propane distributor Superior Plus to "temporarily disable certain computer systems and applications" after falling victim to ransomware Dec. "Frankly, we could have another attack that hits people in their pocketbooks and makes people actually feel the pain of cyber risk, and that might unlock additional political capital to move something like this forward."įollowing a year that put the security of the US pipeline network under intense scrutiny, "everybody wants to know what the next threat is going to be," said the American Petroleum Institute's Suzanne Lemieux. "We're beginning to see an emergence of camps here, and it's going to take some interesting and likely difficult negotiation to get over it," Morgus said. The notion of liability protection for nonfederal entities who satisfy mandated security protocols but still suffer a cyber breach is also being debated, with support coming from the GOP. Morgus was referring to the heightened attention placed on the midstream segment of the oil and gas industry in 2021 after a ransomware incident forced Colonial to shut operations for nearly a week, triggering gasoline and diesel price spikes, panic buying and supply shortages across the Southeast and East Coast.Ĭongress has since increased its attention paid to the security of the pipeline network and has floated legislation that could see passage in 2022.īills already introduced have called for updated pipeline security guidelines, identifying and protecting systemically important critical infrastructure and mandatory cyber incident reporting. "Time will tell how serious the response is to the pipeline incident." The cyberattack on Colonial Pipeline "served as a pretty serious wake-up call, though we've seen wake-up calls in the past that the federal government has kind of hit snooze on," Rob Morgus, senior director of the US Cyberspace Solarium Commission, said in an interview. "But what we need to see even more of is the platforms that enable public and private to come together," including funding models that are transparent, use risk-based approaches, and enable flexibility for operators to account for differences in their cyber maturity curves, Simonovich said. He contended that cyber regulations are likely to become more abundant because attacks are happening and many of the critical infrastructure sectors are not regulated. The actions that follow tend to be prescriptive, rapid and address the fallout of the specific attack, "but we need to get more proactive." "The cycle that we're in is that when a major attack happens, there's focus from the legislative branch and the executive branch to do something," Leo Simonovich, head of Siemens Energy's industrial cyber security business, said. Receive daily email alerts, subscriber notes & personalize your experience.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |