Global organic dairy industry by 2026 – Players include Arla Foods, Aurora Organic Dairy and Kroger, among others

Bloomberg

Pipelines were blocked when the flashing red hack alert was triggered in 2012

(Bloomberg) – A decade ago, after hackers were caught breaking into natural gas pipelines and an al-Qaeda video was released calling for “electronic jihad” against US infrastructure, then-Senator Joseph Lieberman tried to raise the alarm. The system is “blinking red,” Lieberman warned his Senate colleagues during the 2012 debate on the threat. “Private and operated cyber infrastructure can and probably will one day be the target of an enemy attack.”
The lawmaker, a former vice presidential candidate, wanted energy companies to strengthen computer security. But the effort died amid heavy lobbying by oil companies and other corporate interests, which managed to kill the legislation. That left a system of voluntary guidelines in place that failed to stop the ransomware attack on Colonial Pipeline Co. last month that paralyzed an important fuel artery along the East Coast.
“It really is a missed opportunity,” said Lieberman, now Senior Counsel at Kasowitz Benson Torres LLP. “The attack on the Colonial Pipeline might not have happened if we had passed the laws.”
In response to the attack, the Department of Homeland Security is now preparing to ditch the voluntary approach and impose cybersecurity requirements on pipelines, according to one person familiar with the plans. That would be a defeat for oil companies and pipeline operators, who for more than a decade have successfully fought off federal standards, whether imposed by law or by regulatory authorities, to thwart cyberattacks.
Unlike power plants, U.S. pipelines are not required to meet federal cybersecurity mandates, although Homeland Security was empowered to impose them when it was created after the September 11, 2001 attacks. The Transportation Security Administration, the DHS agency responsible for protecting the country’s pipelines, will issue a policy this week urging pipeline companies to report cyber incidents, according to the person familiar with the plans.
Further requirements for protecting facilities and responding to attacks are set to follow in the coming weeks, the Washington Post reported. “The Biden administration is taking further measures to better secure the critical infrastructure of our country,” the DHS said in a statement on Tuesday. “We will publish more details in the coming days.”
Until now, the TSA had refused to use its powers to mandate cybersecurity measures. “I believe that by working with industry we could achieve faster and better safety rather than regulating it because regulations were in place. In many cases, minimum safety standards and the industry have done more,” said Jack Fox, who retired as the agency’s pipeline security manager in 2016.
Lieberman’s bill would have placed cybersecurity performance requirements on privately owned critical infrastructure – and slapped fines on companies that failed to meet them. The rules would have applied to more than pipelines: they were to cover sectors in which hostile dismantling of computer systems could lead to mass losses, the collapse of financial markets, or the disruption of energy and water supplies. The watered-down version of the bill failed to overcome a Republican-led filibuster.
Pipeline Companies
For Lieberman, the mistake is still palpable: “We’d wonder who’s driving this aggressive opposition, and the answer we got was the energy companies and the pipeline companies.” Every major US oil company – including Exxon Mobil Corp., Chevron Corp. and ConocoPhillips – lobbied on the legislation alongside some refineries and at least one pipeline operator. Colonial did not lobby on the measure in 2012, as indicated by disclosure forms submitted to Congress. However, the groups that did also included the American Petroleum Institute, the Association of Oil Pipe Lines, and the Chamber of Commerce – a political titan that spent $103.9 million in 2012 on influencing government policy.
The chamber called it an overly broad, persistent regulatory approach that threatened to create a “controversial” government-private relationship rather than promoting cooperation against cyberattacks. The group supported an alternative approach that focuses on greater threat intelligence sharing, a position it continues to hold today: “We support public-private collaboration that enhances our cybersecurity in all sectors, including pipelines, for the benefit of all Americans,” said Matthew Eggers, vice president of cybersecurity policy for the chamber.
Cybersecurity experts and government officials have been warning of the consequences of a pipeline hack for years, including in 2019, when the Office of the Director of National Intelligence issued a report warning of a cyberattack that could disrupt a pipeline “for days to weeks.”
Even so, there was widespread business opposition to the Lieberman bill, with almost every affected industry, from financial services to communications, joining in the warning that the proposed cybersecurity mandates would give the government a heavy hand in corporate matters. But proponents warned that mandates are essential to ensure adequate safeguards amid a spate of increasingly sophisticated attacks on private companies that operate power plants, dams, and other critical infrastructure.
Al-Qaeda Video
Weeks after the law was passed, the Department of Homeland Security warned that hackers had tried for months to infiltrate the computer systems of a number of natural gas pipeline operators. ABC News reported that the FBI had received an al-Qaeda video calling for “electronic jihad” against critical US infrastructure. The computer security company McAfee Corp. warned in 2011 of coordinated, sustained cyberattacks on global energy companies.
The hacking episodes showed how enticing fuel systems are to cybercriminals like the Russia-affiliated group that used DarkSide ransomware to hold Colonial’s computer systems hostage around May 7th. The company was forced to shut down its roughly 855-kilometer pipeline system, which supplies about 45% of the fuel consumed on the East Coast, resulting in outages at gas stations on the East Coast, and paid a $5 million ransom before service was resumed five days later.
It is not clear whether mandates would have thwarted the attack, and the investigation is still ongoing. Colonial is committed to “reviewing any proposal that draws lessons from this event that strengthens or hardens our infrastructure”.
The oil and pipeline trade groups steadfastly insist that this is not the time for federal mandates. “It is premature to discuss regulation until we have a full understanding of the details of the Colonial attack,” said Suzanne Lemieux, API manager for operational security and emergency response. “However, we are determined to continue our solid coordination with all levels of government.”
added in a statement that he was broadly coordinated with the chamber on the matter in 2012 and warned of a single regulatory approach that meets all requirements.
John Stoody, a spokesman for the Association of Oil Pipe Lines, of which Colonial Pipeline is a member, said: “We want the TSA to do everything right, what it is up to.” “Overwhelm TSA every day with hundreds of thousands of cyberattack reports that would not help anyone,” he said.
Partnership
Chevron said in an emailed statement that federal regulation “should take a risk-based approach” that gives companies flexibility in securing against threats. And Exxon noted that the rapid evolution of cyber threats means that “all formal and mandated cybersecurity requirements for the industry are often out of date when they are completed.”
The Transportation Security Administration has long followed a similar approach.
A branch manager in the agency’s surface operations office said last year there were “very few regulations” and a “collaborative approach to industry introducing security measures”, according to a presentation archived on the agency’s website.
The TSA chose not to regulate because partnering with industry is more efficient, Fox, the retired TSA pipeline safety manager, said in a telephone interview. “With this partnership, we could make a phone call and say we need you to do this and that and it would respond the next day.”
Republican Filibuster
Fox said he didn’t think the Lieberman bill would have prevented the Colonial cyberattack. “You can regulate what you want,” said Fox. “We have regulations on speed limits, gun controls and all sorts of things. So if you regulate something, it doesn’t mean it won’t happen.”
Ultimately, in 2012, Lieberman and Collins watered down their bill to win over the Republicans needed for it to survive. They dropped mandates and fines in favor of a measure that would only create optional requirements. But even the reduced bill was not enough. Persistent concerns about liability and data protection haunted the legislation, and the chamber also rejected the new version. It was defeated twice by a Republican-led filibuster and eventually fell nine votes short of the 60 votes required to end debate in November 2012.
Amy Myers Jaffe, professor at Tufts University and author of Energy’s Digital Future, said the Colonial cyberattack could be likened to the Gulf of Mexico oil well that exploded in 2010, killing 11 workers and triggering the worst oil spill in United States history. An overly cozy relationship between federal regulators and oil companies has been blamed for contributing to the disaster, Jaffe said.
“It is shocking to me to believe that an industry that loves to brag about its safety records would ever have advocated having government-led standards that are mandatory for cybersecurity in vital energy infrastructures.”
© 2021 Bloomberg LP
