A ransomware attack forced the largest U.S. fuel pipeline to shut down for six days in May and led to gasoline shortages across several Southeastern states. In its wake, U.S. officials have sought to bolster the defenses of an industry that for years has had fewer cybersecurity rules compared with other critical infrastructure sectors.
The Transportation Security Administration, which has regulatory authority over pipeline cybersecurity, recently issued a directive that would require pipelines to quickly report attacks to a cybersecurity division of the Department of Homeland Security. The Biden administration also has ordered agencies to improve their efforts to detect attacks and to strengthen their partnerships with private industries, and several cybersecurity-related bills are moving through Congress.
Meanwhile, Joseph Blount, chief executive of Colonial Pipeline Co., the target of the May attack, has defended his decision to pay ransom of $4.4 million in cryptocurrency to the attack’s perpetrators, saying he needed every tool at his disposal to restore the 5,500-mile pipeline’s systems. The Federal Bureau of Investigation for years has advised companies not to pay when hit with ransomware, a type of code that takes computer systems hostage for payment, because it supports a booming criminal marketplace. The Justice Department said last month it recovered about $2.3 million worth of the cryptocurrency.
The attack on Colonial Pipeline showed the vulnerability of the nation’s vast energy infrastructure and has spurred debate over how the U.S. and the oil-and-gas industry can better protect critical infrastructure against assaults.
The Wall Street Journal spoke with three experts in oil-and-gas cybersecurity about how companies, regulators and policy makers can advance the security of the nation’s energy infrastructure. Jim Guinn is global managing director for cybersecurity in energy, chemicals, utilities and mining at Accenture Security. Suzanne Lemieux is manager for operations security and emergency-response policy for the energy trade group American Petroleum Institute. Chris Bronk is associate professor of computer information systems and information system security at the University of Houston. Here are edited excerpts of the conversation:
For all the latest Technology News Click Here
For the latest news and updates, follow us on Google News.
