Energy Tomorrow Blog
Posted August 26, 2021
Calls for new government cybersecurity mandates to protect the nation’s energy infrastructure after the ransomware attack on the Colonial Pipeline earlier this year failed to acknowledge some key things about addressing cyber threats, including:
Cybersecurity not only threatens the pipeline industry, but also all critical infrastructure, industries and even government entities.
The speed with which such threats are evolving, making it unlikely legislation and regulatory processes could keep up.
The degree to which our industry already is engaged with government agencies to identify emerging cyber threats.
Our industry’s strong commitment to take the initiative in protecting its infrastructure and other assets.
That last point provides context for the release of API’s updated Standard 1164, covering pipeline control systems cybersecurity.
Posted July 14, 2021
A good cybersecurity discussion in the Wall Street Journal this week, featuring API’s Suzanne Lemieux, Accenture’s Jim Guinn and the University of Houston’s Chris Bronk. The conversation was a follow-up to the cyberattack on the Colonial Pipeline in May, which caused serious fuel disruptions along the East Coast.
We’ve previously pointed out that protecting the nation’s natural gas and oil infrastructure is critically important to maintaining U.S. energy affordability and economic competitiveness. Our industry recognizes this and has been deeply engaged with government agencies and a broad range of private sector stakeholders facing similar cyber threats, while pointing out that the Colonial attack underscores our country’s need for more energy infrastructure.
John D. Siciliano
Posted May 20, 2021
Even before the Colonial Pipeline reopened after a criminal cyber attack, some were demanding action, including Federal Energy Regulatory Commission (FERC) Chairman Richard Glick’s call for mandatory cybersecurity standards.
The attack on Colonial caused major disruptions – underscoring the importance of getting the response right. Unfortunately, some in Washington can’t help but react to an issue before the facts are clear and before calm, rational analysis can guide the best response.
The fact is natural gas and oil industry has a long history of engaging and collaborating with the federal government to protect the nation’s vast network of pipelines and other critical energy infrastructure from cyber attacks.
Posted May 12, 2021
Since the Colonial Pipeline Company experienced a ransomware attack last Friday, the natural gas and oil industry has worked with government to bring a critical piece of infrastructure back online and use alternate methods of transportation to meet the nation’s energy demand. This is America’s largest fuel pipeline – spanning 5,500 miles from Texas to New Jersey – and normally delivers millions of gallons of gasoline, jet fuel and other petroleum products every day to consumers in the South and along the East Coast.
For now, industry stakeholders and energy experts are working with the Pipeline and Hazardous Materials Safety Administration (PHMSA) in the Department of Transportation (DOT), Environmental Protection Agency (EPA) and other federal agencies to alleviate short-term supply disruptions.
Posted May 11, 2021
The cyber attack on the 5,500-mile Colonial Pipeline that daily carries millions of gallons of fuel products from the Gulf Coast to New York and points in between, underscores some critically important points about the natural gas and oil industry – its resilience and agility in working to alleviate supply disruptions, the vital importance of investing in pipeline infrastructure for the economy and modern daily life, and the ongoing commitment by industry to protect itself and key assets from cyber criminals
Industry has worked and will continue to work with the Biden administration on actions to mitigate supply disruptions caused by the cyber attack. These include an hours-of-service exemption for those transporting gasoline, diesel, jet fuel and other refined products to 18 states, as well as a fuel waiver for states under EPA requirement to use reformulated gasoline (RFG) to be allowed to use conventional gasoline amid the disruption – helping fuel suppliers manage inventories until Colonial returns to normal operations.
Posted May 10, 2021
Over the weekend, Colonial Pipeline Company experienced a cybersecurity attack, which has since been identified as ransomware, forcing the shutdown of one piece of U.S. critical energy infrastructure. Colonial Pipeline is issuing updates about their operations and response activities as well as precautionary and other measures they’ve taken to protect the safety and security of their energy systems. Read their press statements here.
As Colonial Pipeline consults with law enforcement and other federal agencies, the broader U.S. natural gas and oil industry continues to focus on mitigating cybersecurity risks and adapting to this evolving threat landscape. In recent months, ransomware attacks have disrupted public services in major U.S. cities as well as businesses in healthcare and manufacturing, among other essential industries. We encourage government policies that allow companies to innovate and refine processes that protect against future incidents.
API member companies are committed to protecting America’s critical oil and natural gas infrastructure, safeguarding intellectual property and providing affordable, reliable energy for everyday use.
Posted August 7, 2020
Modern, resilient natural gas and oil infrastructure is vital to maintaining U.S. energy affordability and economic competitiveness. As the industry undergoes rapid digitalization, reliability remains fundamental to energy operations, particularly as cybersecurity risks present emerging challenges.
The U.S. has been subject to an increasing volume of malicious cyberattacks from China, Russia and other foreign adversaries, posing a persistent threat to our national security and grid reliability. Within the next two years, 2.5 billion industrial devices will be brought online in the energy industry, meaning the need to protect our critical infrastructure assets has never been more urgent.
Posted February 1, 2019
Posted December 20, 2018
With the release of the U.S. Government Accountability Office (GAO) report on pipeline cybersecurity, conducted at the request of Senator Cantwell and Congressman Pallone, it has become apparent that there is lingering confusion about the security of natural gas and oil pipelines. So, let’s clear things up: industry is deeply engaged in efforts to understand the threat, coordinate with cybersecurity experts across the board, and stay ahead of our adversaries. Our industry utilizes best-in-class international cybersecurity standards, close collaboration with government, and proven frameworks that – in contrast to prescriptive government-imposed standards or regulations – are the best ways to stay ahead of emerging threats and bolster the cybersecurity of natural gas and oil companies and the energy infrastructure they operate.
Posted October 31, 2018
A new report illustrates just how prepared natural gas and oil companies are when it comes to defending themselves and American energy consumers against malicious cyber threats – a fundamental component of the industry’s resiliency and something we’ve demonstrated time and again.