Motorists on the US East Coast have learned to endure problems with their main fuel artery, the Colonial Pipeline. A hurricane shut it down in 2017. An explosion interrupted the volume the year before. But last week, drivers lined up at gas stations over another danger: hackers had infected the pipeline’s computer systems with ransomware and forced their owners to stop the flow of 2.5 million barrels of oil products a day.
Digitization has enabled industrial and utility companies to be more efficient through better monitoring and control of their extensive operations, which in the case of the Colonial Pipeline extend over 5,500 miles over a network from Texas to New Jersey.
However, legacy operational technology systems, some of which were installed before the Internet, typically have outdated security and can be difficult to update. Security gaps in office IT systems can offer hackers entry points in order to later search for control systems. According to analysts, digital adoption was not achieved through sufficient investment in cyber defense.
“Many OT systems still don’t have basic security controls in place,” said Simon Hodgkinson, former chief information security officer at BP and board advisor for Reliance acsn IT security group.
“The problem is that attacks are much faster than industries that are ‘old school’,” said Katz. “So the speeds are different, and before slow-moving industries can take hold, there is a new attack and new threats.”
Neil Chatterjee, a FERC commissioner, said responsibility should be removed from the TSA and shifted to the US Department of Energy. “I was concerned about the economic and national security implications of such an attack and we are seeing this in real time with what happened to Colonial,” he said.
The American Petroleum Institute, an oil lobby group, wants future cybersecurity policies “to focus on improving the exchange of information and collaboration between the public and private sectors,” said Suzanne Lemieux, API manager for operational security and security Emergency response.
But in Washington, government agencies can go further. US Secretary of Energy Jennifer Granholm described the Colonial Pipeline hack as a “strong reminder” of the need to harden critical infrastructure and said on Wednesday: “With an evolving array of 21st century risks, we need to rethink our approach to security. and reassess the authorities we can bring to bear in such emergencies. “