Recent press reports indicate that a cyber-attack disabled the third-party platform used by an oil and gas pipeline company to exchange documents with customers. Effects from the attack were largely confined because no other systems were impacted, including industrial controls for critical infrastructure. The attack comes on the heels of an FBI and Department of Homeland Security alert warning of Russian attempts to target industrial control systems, as well as an indictment against Iranian nationals for attacking private, education, and government intuitions, including FERC. These incidents are raising questions about cybersecurity across the US pipeline network.
Continue Reading

In today’s interconnected society, cyber breaches are inevitable. As the saying goes, it is not a matter of if, but when, an organization will be breached. This is particularly true for businesses in the energy sector, which is one of the most frequently targeted industries for cyber attacks. From producers to pipelines and refineries, energy companies’ computer systems are increasingly at risk of becoming the target of a sophisticated and targeted cyberattack, making cyber risk mitigation paramount.
Continue Reading

The Senate Intelligence Committee recently approved the “Cybersecurity Information Sharing Act”, which would facilitate the sharing of information about cybersecurity threats or countermeasures by among private entities and with the federal government.  If information is shared in accordance with certain requirements (such as the use of technical controls to protect shared information), the bill provides broad protections for entities sharing information for cybersecurity purposes, including immunity against any legal action related to the monitoring, sharing, or receipt of information done in accordance with the Act.

Continue Reading

The National Institute of Standards and Technology (NIST) recently released the final “Framework for Improving Critical Infrastructure Cybersecurity.” The Framework addresses procedures and processes for reducing cyber risks to critical infrastructure – which includes the transportation sector and pipeline systems.
Continue Reading

In the wake of an attack last year on an electric substation in California, four U.S. Senators have written a letter to the Federal Energy Regulatory Commission and the North American Electric Reliability Corporation, urging them to adopt mandatory standards for physical security at electric power facilities.
Continue Reading

During his State of the Union Address, President Obama unveiled an Executive Order (EO) and Presidential Policy Directive (PPD) to improve critical infrastructure cybersecurity . The EO and PPD come in the wake of two failed attempts by Congress to pass cybersecurity legislation, and are generally aimed at seeking to improve relationships across the federal