Infrastructure Security

Over the last year or so, anti-pipeline forces have increasingly used “tree sitting” to obstruct natural gas infrastructure projects. The tactic involves individuals who climb trees slated for removal in a proposed pipeline project and stay there—sometimes for months and often aided by family, friends or others—forcing project developers to take various countermeasures.

Earlier this month a Virginia federal district judge rejected a novel effort by Mountain Valley Pipeline, LLC (MVP) to join certain unnamed tree sitters (“Tree Sitter 1” and “Tree Sitter 2”) as defendants in a pending Natural Gas Act (NGA) eminent domain action to condemn easements over land in southwestern Virginia for construction of the Mountain Valley Pipeline.[1] In addition to interfering with its use of the easements being condemned, MVP alleged that the “tree sitters” or their supporters had assaulted a security officer who was part of a tree clearing crew on the project. Notably, though it declined to join the “tree sitters” as parties, the court observed that MVP still had other available remedies against them.
Continue Reading

Recent press reports indicate that a cyber-attack disabled the third-party platform used by an oil and gas pipeline company to exchange documents with customers. Effects from the attack were largely confined because no other systems were impacted, including industrial controls for critical infrastructure. The attack comes on the heels of an FBI and Department of Homeland Security alert warning of Russian attempts to target industrial control systems, as well as an indictment against Iranian nationals for attacking private, education, and government intuitions, including FERC. These incidents are raising questions about cybersecurity across the US pipeline network.
Continue Reading

In today’s interconnected society, cyber breaches are inevitable. As the saying goes, it is not a matter of if, but when, an organization will be breached. This is particularly true for businesses in the energy sector, which is one of the most frequently targeted industries for cyber attacks. From producers to pipelines and refineries, energy companies’ computer systems are increasingly at risk of becoming the target of a sophisticated and targeted cyberattack, making cyber risk mitigation paramount.
Continue Reading

After a string of highly publicized attacks on energy pipelines in different areas of the country, several Congressmen addressed a letter to US Attorney General Jeff Sessions last month, asking that the United States Department of Justice (DOJ) respond to several questions concerning the ability and intent of the DOJ to investigate and prosecute criminal activity against energy infrastructure at the federal level. The letter also asks for DOJ clarification on whether attacks against the nation’s energy infrastructure fall within the DOJ’s understanding of 18 U.S.C. § 2331(5), which defines “domestic terrorism” to include activities that “involve acts dangerous to human life that are a violation of the criminal laws of the United States or of any State” and that “appear to be intended to . . . influence the policy of a government by intimidation or coercion.”
Continue Reading

A group referring to itself as “Climate Direct Action” claimed to have shut down five major cross-border oil pipelines in various states on Tuesday October 11, 2016: Minnesota (Enbridge Lines 4 and 67 near Leonard), Montana (Spectra Energy’s Express Pipeline near Coal Banks Landing), North Dakota (TransCanada’s Keystone Pipeline near Walhalla) and Washington State (Kinder Morgan’s Trans Mountain Pipeline near Anacortes).
Continue Reading

Several legislative developments of significance to the pipeline and energy transportation industries are in progress, with the introduction of a bipartisan pipeline safety reauthorization bill in the House, the passage of a bipartisan energy bill in the Senate, and the passage of a bill in the Senate that provides for the use of drones to monitor pipelines and other energy infrastructure.

Continue Reading

The Senate Intelligence Committee recently approved the “Cybersecurity Information Sharing Act”, which would facilitate the sharing of information about cybersecurity threats or countermeasures by among private entities and with the federal government.  If information is shared in accordance with certain requirements (such as the use of technical controls to protect shared information), the bill provides broad protections for entities sharing information for cybersecurity purposes, including immunity against any legal action related to the monitoring, sharing, or receipt of information done in accordance with the Act.

Continue Reading

The National Institute of Standards and Technology (NIST) recently released the final “Framework for Improving Critical Infrastructure Cybersecurity.” The Framework addresses procedures and processes for reducing cyber risks to critical infrastructure – which includes the transportation sector and pipeline systems.
Continue Reading

In the wake of an attack last year on an electric substation in California, four U.S. Senators have written a letter to the Federal Energy Regulatory Commission and the North American Electric Reliability Corporation, urging them to adopt mandatory standards for physical security at electric power facilities.
Continue Reading

During his State of the Union Address, President Obama unveiled an Executive Order (EO) and Presidential Policy Directive (PPD) to improve critical infrastructure cybersecurity . The EO and PPD come in the wake of two failed attempts by Congress to pass cybersecurity legislation, and are generally aimed at seeking to improve relationships across the federal