Recent press reports indicate that a cyber-attack disabled the third-party platform used by oil and gas pipeline company Energy Transfer Partners to exchange documents with other customers. Effects from the attack were largely confined because no other systems were impacted, including, most notably, industrial controls for critical infrastructure. However, the attack comes on the heels of a Federal Bureau of Investigation and Department of Homeland Security (“DHS”) alert warning of Russian attempts to use tactics including spearphishing, watering hole attacks, and credential gathering to target industrial control systems throughout critical infrastructure, as well as an indictment against Iranian nationals who used similar tactics to attack private, education, and government intuitions, including the Federal Energy Regulatory Commission (“FERC”). These incidents are raising questions about cybersecurity across the US pipeline network.
On June 22, 2011, the House Homeland Security Committee is expected to conduct a mark-up of HR 901, the Chemical Facilities Anti-Terrorism Security (CFATS) Authorization Act of 2011. HR 901 would reauthorize the CFATS program through FY 2018 without burdensome mandates of so-called “inherently safer technology” (IST).