Department of Energy Partners with Private Sector on Pipeline Security

The Department of Energy (DOE) has joined a consortium that will work to establish guidelines for increasing industrial control systems (ICS) cybersecurity. The goal is to better protect U.S. pipelines from cybersecurity threats. Pipelines, particularly those that carry resources such as oil and natural gas, have become a potential target for attacks as technology develops.

Currently, the Transportation Security Administration (TSA) oversees more than 2.7 million miles of computerized, interstate pipeline systems which transport oil, natural gas, and other hazardous products.

The Government Accountability Office (GAO) found in a May report that the agency lacks a process for updating pipeline security, making the pipelines “attractive targets for hackers and terrorists.”

The GAO recommended a strategic workforce plan for identifying pipeline security responsibilities and partnerships with the DOE and Federal Bureau of Investigations to ensure adequate crisis response and recovery plans are in place.

“It is important for TSA to update its policies to reflect cybersecurity threat conditions, and establish a realistic cyber-attack response plan,” Tamara Anderson, a vice president and general counsel at PAS Global, an ICS cybersecurity and operational technology (OT) company joining the consortium, said in a statement to FedScoop. “It’s also appropriate to question whether TSA continues to be the best agency to carry an appointment of responsibility for monitoring and securing our nation’s pipelines.”

Anderson notes that critical differences exist between transportation infrastructure and energy infrastructure.

In May, the president signed an executive order calling upon the DOE and the Department of Homeland Security to take a more active role in preparing for a potential cyber-attack on critical infrastructure.

The Department of Energy will be leading consortium efforts with the private sector to protect energy infrastructure which relies on ICS technology.

According to FedScoop, the consortium includes members who also work with a European Union group on the oversight and regulation of critical infrastructure. These groups were formed following the Ukraine power grid cyberattacks of December 2016.

As U.S. technology moves toward the fifth-generation, often called 5G technology, private groups told FedScoop they want to ensure security is being considered and critical infrastructure is not left behind.