Morning Consult recently featured an opinion piece by GAIN Strategic Advisor Col. Tom Magness (U.S. Army Corps of Engineers, retired) highlighting cyber threats and other potential risks to energy infrastructure development. Magness emphasizes that as US energy production flourishes, infrastructure safety has become a “renewed focus point on the national stage.” He contends that while most of the conversation surrounding potential pipeline issues has centered narrowly around the risk of structural failures, the real threat derives from cyber-attacks launched from hundreds of miles away. Magness discusses the important role of software used to operate and monitor our infrastructure network, as well as the need to protect it. He writes:
Not surprisingly, by nature, the software needed to run them is susceptible to hacking. Earlier this year, a cyberattack on a shared data network forced major natural gas pipeline operators to temporarily shut down online communications. While reports indicate the culprits were likely phishing for consumer information, the incident showed the vulnerability of a more targeted attack. Also this year, Russian hackers attempted to shut down a Saudi petrochemical plant. In a separate case, a Russian group targeted companies in Ukraine.
The effects of a large-scale disruption to the U.S. energy grid could be staggering, both for industry and for consumers. Recognizing that reality, infrastructure operators continue to invest significantly to safeguard networks. Oil producers alone are expected to spend nearly $2 billion by the end of this year globally on cyberdefense. And, as attacks become more sophisticated, it’s likely that spending will continue to grow.
Magness points out that regulators are also taking cyberthreats seriously. From best practice guidelines to grants strengthening infrastructure resiliency, US officials recognize the need to protect our investments. Public-private partnerships are key to successfully promoting and protecting our energy infrastructure, as Magness contends “A recent report by the American Petroleum Institute concludes that voluntary collaboration between industry and government is the best way to improve cybersecurity and implement protective measures.” In closing, Magness writes:
As history teaches, regulators should exercise caution to preserve the right balance between industry’s and government’s roles. Cyberthreats do not equate to vulnerabilities, and pipeline companies have gone to great lengths to minimize risk exposure. Pipeline operators are able to respond quickly to cyberthreats, and prescriptive regulatory measures — which are typically much slower moving — may ultimately reduce companies’ ability to address situations as they arise.
Emerging cyberthreats emphasize the need to modernize and strengthen our energy infrastructure. Investment is not only bringing online new transportation capabilities — which help to secure our country’s energy independence — it is making these systems more resilient. In that regard, regulators should continue to work with industry to create an environment that provides certainty for midstream developers and operators and encourages implementation of new technologies.
Read the full op-ed here.