
Pipelines rocked when ‘flashing red’ hack alert went off in 2012

(Bloomberg) – Ten years ago, after hackers were caught infiltrating pipeline operations and an Al Qaeda video emerged calling for an “electronic jihad” on US infrastructure, Senator Joseph Lieberman tried to sound the alarm.

“Flashing red,” Lieberman warned his Senate colleagues during the 2012 threat debate. “Private and exploited cyber infrastructure may well be, and will likely someday be, the target of an enemy attack.”

Led by the Connecticut independent and one-time running mate, lawmakers sought to require energy companies to tighten up IT security. But the effort faded under fierce lobbying from oil companies and other corporate interests, who managed to kill the legislation. This left in place a system of voluntary guidelines that failed to stop last month’s ransomware attack on Colonial Pipeline Co., which crippled a major fuel artery along the East Coast.

Kasowitz Benson Torres LLP. “The attack on the Colonial pipeline might not have happened if we had passed the legislation.”

Now, in response to the attack, the Department of Homeland Security is preparing to abandon the voluntary approach and impose cybersecurity requirements on pipelines, according to a person familiar with the plans who asked not to be identified until an official announcement. That would be a defeat for oil companies and pipeline operators who, for more than a decade, have successfully battled federal standards to thwart cyber attacks legislation or regulatory agencies.

Unlike power plants, US pipelines are not required to meet federal cybersecurity mandates, although Homeland Security was given the power to enforce them when it was created in the aftermath of the September 11, 2001 attacks. protecting the nation’s pipelines, will issue a directive this week requiring pipeline companies to report cyber incidents, according to the person familiar with the plans.
“The Biden administration is taking new steps to better secure critical infrastructure in our country,” DHS said in a statement Tuesday. “We will release further details in the coming days.”

Until now, the TSA had resisted using its authority to impose cyber protection measures. in many cases minimum safety standards and the industry was doing more than that,” said Jack Fox, who was responsible for the agency’s pipeline safety before retiring in 2016.

The Lieberman bill would have imposed cybersecurity performance requirements on private critical infrastructure – and fines on companies that failed. The rules would have been applied to more than just pipelines: sectors where a hostile dismantling of computer systems could lead to massive losses, collapse of financial markets or disruption of energy and water supplies had to be included. This version of the bill failed to overcome a Republican-led filibuster.

Pipeline Companies

For Lieberman, the failure still stings. “We would kind of ask ourselves who is causing this aggressive opposition and the response we were getting was the energy companies and the pipeline companies,” he said.

All major US oil companies – including Exxon Mobil Corp., Chevron Corp. and ConocoPhillips – lobbied on the legislation, alongside some refiners and at least one pipeline operator. Colonial did not lobby on the measure in 2012, according to disclosure forms it filed with Congress. However, groups it belonged to, including the American Petroleum Institute, the Association of Oil Pipe Lines and the Chamber of Commerce – a political titan that said it spent $103.9 million to influence government policies in 2012 Calling it an overly broad and harsh regulatory approach that threatened to create an “adversarial” relationship between government and the private sector instead of fostering collaboration against cyber attacks.
The group supported an alternative approach focused on greater sharing of threat intelligence, a position it continues to support today. “We are supporting a public-private collaboration that strengthens our cybersecurity in all sectors, including pipelines, for the benefit of all Americans,” said Matthew Eggers, vice president of the House’s cybersecurity policy.

Cybersecurity and government officials have warned for years about the consequences of a pipeline hack, including in 2019, when the Office of the Director of National Intelligence released a report warning that a cyber attack could disrupt a pipeline for days or weeks.

Nonetheless, there was general corporate opposition to the Lieberman bill, with nearly every industry affected, from financial services to communications, getting involved to warn that the proposed cybersecurity mandates would put the government’s heavy hand in the affairs of companies. The bill’s promoters warned that the mandates were essential to ensure the existence of sufficient safeguards amid a barrage of increasingly sophisticated attacks on private companies operating power plants, dams and other critical infrastructure.

Al-Qaeda Video

Weeks after the bill was introduced, the Department of Homeland Security warned that hackers had spent months trying to infiltrate computer systems operating gas pipelines. ABC News reported that the FBI obtained a video from Al Qaeda calling for “electronic jihad” against US critical infrastructure. And the computer security company McAfee Corp. warned of coordinated and ongoing cyber attacks against global energy companies in 2011.

The hacking episodes foreshadowed just how attractive fuel delivery systems are to cybercriminals, such as the Russia-linked group that used DarkSide ransomware to hold Colonial’s computer systems hostage around May 7.
The company was forced to shut down its approximately 5,500-mile-long (8,851-kilometer) pipeline system, which supplies about 45 percent of the fuel used on the East Coast, causing outages at gas stations, and paid a ransom of $5 million before resuming service five days later.

It is not known whether the mandates would have thwarted the attack, and investigations are still ongoing. Colonial is committed to “consider any proposal that draws lessons from this event that strengthens or hardens our infrastructure.”

Oil and pipeline trade groups firmly insist this is not the time for prescriptive federal mandates. a full understanding of the details surrounding the Colonial attack,” said Suzanne Lemieux, Operations Security and Emergency Response Manager at API. “But we are determined to continue our strong coordination with all levels of government.”

The trade association added in a statement that it was generally aligned with the House on the issue in 2012 and warned of a universal prescriptive regulatory approach that John Stoody, a spokesperson for the Association of Oil Pipe Lines, whose members include Colonial Pipeline, said, “We want TSA to do whatever it plans to do.”

“For example, too broad a reporting requirement could overwhelm TSA with hundreds of thousands of reports of cyber attacks every day that would do no one any good,” he said.

And Exxon noted that the rapid evolution of cyber threats means that “all formal and prescriptive cybersecurity requirements for the industry are often exceeded when completed.”

The Transportation Security Administration has long taken a similar approach. A branch manager in the agency’s surface operations office boasted last year that this involved “very few regulations” and a “cooperative approach to industry adoption of security measures,” according to a presentation archived on the agency’s website.

“A regulation takes months or years to change,” Fox said in a telephone interview.
“With this partnership, we could make a phone call and say we need you to do this or that and we would respond to it the next day.”

Republican Filibuster

Fox said he didn’t think the Lieberman bill would have prevented the Colonial cyberattack. “You can regulate whatever you want,” Fox said. “We have regulations on speed limits and gun control and all kinds of things, so if you regulate something, that doesn’t mean it won’t happen.”

Eventually, in 2012, Lieberman and Collins watered down their bill in a desperate attempt to win over Republicans to get it through. They ditched mandates and fines in favor of a measure that would only create optional requirements, but even the reduced bill was not enough. Persistent liability and privacy concerns haunted the legislation, and the House also opposed the new version. It was twice beaten by a Republican-led filibuster, ultimately falling nine short of the 60 votes needed to end debate in November 2012.

Amy Myers Jaffe, professor at Tufts University and author of “Energy’s Digital Future The Colonial cyberattack could be a reference to the Gulf of Mexico oil well that exploded in 2010, killing 11 workers and triggering the worst oil spill in US history. for contributing to the disaster, Jaffe said.

“It’s shocking to me to think that an industry that likes to brag about its safety performance would ever have lobbied against the adoption of mandatory government standards for cybersecurity in vital energy infrastructure.”

© 2021 Bloomberg LP
