CRS: Pipeline security at risk from cyberattacks

The Congressional Research Service is warning that the U.S. network of natural gas and hazardous liquid pipelines is vulnerable to cyberattacks that could disrupt service and cause spills, explosions or fires--a threat that grows with the rise of specialized malicious software.

The Aug. 16 report (.pdf), obtained by the Federation of American Scientists and posted to Secrecy News, notes U.S. pipeline computer systems have recently experienced a coordinated series of cyber intrusions.

The threat to pipeline supervisory control and data acquisition, or SCADA, systems was highlighted by a March 2012 report by the Homeland Security Department, which disclosed the ongoing cyber intrusions.

Al Qaeda reportedly had called for an "electronic jihad" against critical U.S. infrastructure, the CRS said, citing an FBI report, but it was unclear from the report whether the coordinated attacks were believed related to any al Qaeda activity.

The Transportation Security Administration can regulate physical security and cybersecurity for pipelines, but has not done so, TSA says. The agency says regulations could set a standard below that already followed by pipeline operators, according to the report.

"Based on the agency's corporate security reviews, TSA believes cybersecurity among major U.S. pipeline systems is effective," CRS says in the report. "However, without formal cybersecurity plans and reporting requirements, it is difficult for Congress to know for certain. Whether the self-interest of pipeline operators is sufficient to generate the level of cybersecurity appropriate for a critical infrastructure sector is open to debate."

The U.S. has more than 500,000 miles of high-volume oil, gas and other hazardous-material pipelines, and nearly 900,000 miles of smaller pipelines deliver natural gas to businesses and homes, according to the report.

It is unclear whether TSA's Pipeline Security Division has the capability to develop specific cybersecurity regulations, CRS said.

Julie Bird is a freelance reporter.

For more:
- download the report, "Pipeline Cybersecurity: Federal Policy" (.pdf)