Experts Call for Cybersecurity Regulation for Oil and Gas Sector
Cybersecurity experts said the U.S. oil and gas industry has a vulnerable cybersecurity posture because of a lack of government-mandated standards and investments.
Peter Lund, chief technology officer at software company Industrial Defender, said the lapses in the oil and gas sector are due in part to industry lobbyists that pushed back against stricter regulations. He added that while there have been investments in cybersecurity, they are not at a level compared to other regulated energy sectors.
According to Lund, the Colonial Pipeline ransom attack should have served as a notice for the oil and gas industry to invest in cybersecurity. The pipeline hack led to a near-week-long shutdown, gas shortage and price hikes and the payment of a $4.4 million ransom, The Hill reported.
Lawmakers and regulators from the U.S. have also urged the sector to adopt stricter cybersecurity standards administered by the Federal Energy Regulatory Commission. Rep. Bobby Rush, chairman of the House energy subcommittee, introduced the Energy Product Reliability Act in December, which requires FERC to create mandatory cybersecurity standards for the oil and gas industry.
Industry leaders pushed back against federal regulations, arguing that the industry is also keeping up with the government’s guidance. Suzanne Lemieux, director of operations security and emergency response at the American Petroleum Institute, said the organization’s members and the private sector ensure that the industry receives timely information about cyber threats and added that cybersecurity firms are helping companies improve their networks.
A spokesperson from the Interstate Natural Gas Association of America said its members have adopted the Cybersecurity and Infrastructure Security Agency’s Shields Up guidance, as well as other recommendations from the FBI and Transportation Security Agency. The spokesperson added that members are always on the lookout for cyber threats from adversaries such as China and Russia.
Tags: American Petroleum Industry Bobby Rush cybersecurity Energy Product Reliability Act Federal Energy Regulatory Commission Industrial Defender oil and gas industry Peter Lund Suzanne Lemieux The Hill