Pipeline Cybersecurity Gaps Must Be Filled, Regulator Says
A top U.S. energy regulator said gaps in pipeline cybersecurity must be filled after the ransomware attack on Colonial Pipeline Co. that led to widespread gasoline shortages across parts of the country.
“This is new to those of us in the energy space, this new reality, that private sector companies are now on the front lines of our national defense and national security,” Neil Chatterjee, a commissioner and former chairman at the Federal Energy Regulatory Commission, said in a Bloomberg Television interview.
“We need to improve our cybersecurity standards and requirements to keep up with these evolving threats, especially as they relate to our critical infrastructure,” he said.
FERC regulates electricity markets, some aspects of the oil and gas sector, and has the authority to set cybersecurity standards for electric grids. But it’s the Transportation Security Administration -- part of the Department of Transportation -- that provides voluntary cybersecurity guidelines for fuel pipelines.
Chatterjee said he’s been critical in the past of the resources TSA has for pipeline security, and that there’s still room for improvement.
“I had a pipeline CEO tell me that he had been briefed by ODNI that his system was vulnerable,” Chatterjee also said, referring to the Office of the Director of National Intelligence.
“But no-one in his company had a security clearance even high enough to know where to get the briefing to know where to invest to protect their system,” he said. “There’s some gaps that we’ve got to start to fill.”
— With assistance by Caroline Hyde, and Taylor Riggs
Gloss