PHMSA Launches Initiatives to Bolster Pipeline Cybersecurity – Source: www.databreachtoday.com

Agency Tasked With Pipeline Security Takes New Steps to Combat Rise in Cyberattacks

Chris Riotta (@chrisriotta) •
January 18, 2024    

A U.S. federal agency tasked with ensuring the secure transportation of energy and hazardous materials across pipelines is launching a series of initiatives to address an increase in cyberattacks, a top official said.

See Also: OnDemand | Integrating Splunk and Panther for Real-Time Alerting and Custom Dashboarding

The 2021 cyberattack on the Colonial Pipeline made it clear that better collaboration and planning across federal agencies and the private sector is needed to protect American pipelines, Tristan Brown, deputy administrator of the Pipeline and Hazardous Materials Safety Administration, testified Wednesday before the House Subcommittee on Energy, Climate, and Grid Security (see: FBI: DarkSide Ransomware Used in Colonial Pipeline Attack).

“Both industry and regulators are working to address the increasing number of cyberattacks,” Brown told lawmakers, adding that PHMSA, the Transportation Security Administration and the Department of Energy “have a shared responsibility in ensuring coordinated, consistent and effective activities that improve pipeline transportation security.”

Government watchdogs have warned for years that action is urgently needed to better protect U.S. pipelines and critical infrastructure from cyberattacks. The Government Accountability Office has repeatedly tasked the TSA with addressing pipeline cybersecurity-related weaknesses, including outdated protocols for responding to pipeline security incidents.

For its part, PHMSA – a component of the Department of Transportation – has begun using its authorities to inspect and enforce pipeline control room regulations, integrity management requirements and emergency response plan mandates, according to Brown. The agency has also started collaborating with the Cybersecurity and Infrastructure Security Agency and the TSA on joint cybersecurity exercises for pipeline owners and operators, the deputy administrator said.

“PHMSA is increasing cybersecurity training opportunities for its staff, as well as the staff of its state and federal partners,” Brown said, adding that the initiatives better position the agency “to identify risks during routine control room inspections and coordinate when needed with colleagues in TSA.”

The administration’s 2024 budget request includes $123.7 million for pipeline safety operations, which Brown said “would fully fund PHMSA’s rule-making efforts and other critical pipeline safety work.”

The budget also includes over $21 million for state pipeline safety grants to support regional efforts to enhance pipeline security nationwide.