By Tom Magness
November 20, 2018 at 5:00 am ET
With U.S. energy production flourishing, infrastructure safety has become a renewed focus point on the national stage.
To date, the conversation has centered narrowly on the potential of structural failures. The real threat today, however, is not likely to come from shoddy construction or mechanical failures, but rather from a few strokes from a random keyboard.
At the start of this year, over 14,000 miles of new pipeline were slated for completion in 2018. Replacing antiquated lines and expanding capacity, these networks increasingly employ cutting-edge technologies. From internal monitoring systems to flowrate controls, these programs help to ensure safe and effective operations and minimize risk.
Not surprisingly, by nature, the software needed to run them is susceptible to hacking. Earlier this year, a cyberattack on a shared data network forced major natural gas pipeline operators to temporarily shut down online communications. While reports indicate the culprits were likely phishing for consumer information, the incident showed the vulnerability of a more targeted attack. Also this year, Russian hackers attempted to shut down a Saudi petrochemical plant. In a separate case, a Russian group targeted companies in Ukraine.
The effects of a large-scale disruption to the U.S. energy grid could be staggering, both for industry and for consumers. Recognizing that reality, infrastructure operators continue to invest significantly to safeguard networks. Oil producers alone are expected to spend nearly $2 billion by the end of this year globally on cyberdefense. And, as attacks become more sophisticated, it’s likely that spending will continue to grow.
Regulators, too, are taking cyberthreats seriously. This year, the U.S. Transportation Security Administration and the National Institute of Standards and Technology both released updated cybersecurity guidelines for pipelines. Following the attack on pipeline companies noted above, the Department of Energy made available $25 million in grants to support projects that will make the energy sector more resilient against cyberthreats.
It is imperative that efforts to bolster our domestic energy systems remain a public-private partnership, and that regulators not try to unilaterally dictate solutions. A recent report by the American Petroleum Institute concludes that voluntary collaboration between industry and government is the best way to improve cybersecurity and implement protective measures. A framework in which both government and industry can contribute will allow the necessary flexibility to respond to the constantly changing nature of cyberthreats.
All indications suggest that strong public-private collaboration is working. Through the Oil and Natural Gas Information Sharing and Analysis Center, more than 50 companies, including many of the country’s largest natural gas pipeline operators, share information about cyberthreats and emerging technologies and best practices to combat them. The Cybersecurity Act of 2015, which received strong support from the oil and gas industries, further facilitates information sharing between companies and regulators.
As history teaches, regulators should exercise caution to preserve the right balance between industry’s and government’s roles. Cyberthreats do not equate to vulnerabilities, and pipeline companies have gone to great lengths to minimize risk exposure. Pipeline operators are able to respond quickly to cyberthreats, and prescriptive regulatory measures — which are typically much slower moving — may ultimately reduce companies’ ability to address situations as they arise.
The United States’ pipeline networks have grown rapidly alongside the remarkable expansion of domestic energy production. This growth has occurred in tandem with — and benefitted from — equally impressive developments in the digital space. As cyberspace continues to evolve, so too must infrastructure.
Emerging cyberthreats emphasize the need to modernize and strengthen our energy infrastructure. Investment is not only bringing online new transportation capabilities — which help to secure our country’s energy independence — it is making these systems more resilient. In that regard, regulators should continue to work with industry to create an environment that provides certainty for midstream developers and operators and encourages implementation of new technologies.
Col. Tom Magness (U.S. Army, retired) served as a commander in the U.S. Army Corps of Engineers, and he is the founder of the Eagle Leadership Group and currently acts as a strategic adviser to the Grow America’s Infrastructure Now Coalition.
Morning Consult welcomes op-ed submissions on policy, politics and business strategy in our coverage areas. Updated submission guidelines can be found here.