American Oil and Gas Reporter - August 2021 - 77
Cybersecurity Still Looming Large
WASHINGTON-Citing an ongoing
cybersecurity threat to pipeline systems,
the U.S. Department of Homeland Security's
Transportation Security Administration
has issued a second security directive
that requires owners and operators
of TSA-designated critical pipelines that
transport hazardous liquids and natural
gas to implement a number of protections
against cyberattacks.
Around the same time that it announced
the new order, another DHS
agency also indicated that Chinese hackers
had targeted and breached U.S.
pipelines during the previous decade, a
report that warned midstream operators
to watch for cyberintrusions.
"The lives and livelihoods of the American
people depend on our collective
ability to protect our nation's critical infrastructure
from evolving threats," emphasizes
Secretary of Homeland Security
Alejandro N. Mayorkas.
Symbolism Or Substance?
According to DHS, TSA's latest security
directive is the second one pertaining
to pipelines that has been released in
2021, and builds on an initial security directive
TSA issued in May 2021 following
the May 7 ransomware attack on the
Colonial Pipeline. That May security directive
requires critical pipeline owners
and operators to:
· Report confirmed and potential cybersecurity
incidents to CISA;
· Designate a cybersecurity coordinator
to be available 24 hours a day,
seven days a week;
· Review current practices; and
· Identify any gaps and related remediation
measures to address cyber-related
risks and report the results to TSA
and CISA within 30 days. (AOGR, June
2021, pg 29).
The department says its Cybersecurity
and Infrastructure Security Agency has
advised TSA on pipeline cybersecurity
threats, as well as technical countermeasures
to prevent them, during the
development of this second security directive.
This security directive requires
TSA-designated critical pipelines to implement
specific mitigation measures to
protect against ransomware attacks and
other known threats to information technology
and operational technology systems,
develop and implement a cybersecurity
contingency and recovery plan,
and conduct a cybersecurity architecture
design review.
"Through this security directive, DHS
can better ensure the pipeline sector takes
the steps necessary to safeguard their operations
from rising cyberthreats, and
better protect our national and economic
security," Mayorkas holds. "Public-private
partnerships are critical to the security of
every community across our country and
DHS will continue working closely with
our private sector partners to support
their operations and increase their cybersecurity
resilience."
Unfortunately, some experts warn, although
the desire to improve security is
sound, DHS' latest move seems to provide
more symbolism than substance. That is
precisely the reaction of KnowBe4 security
specialist Roger Grimes, whose experience
includes more than three decades as a
computer security consultant, instructor,
and author of 10 books and more than
1,000 magazine articles on computer security.
According to Grimes, the fact that
three decades of progressively tighter
regulation have been accompanied by a
progressively worsening problem suggests
another security directive is unlikely to
stem the tide of cyberthreats. "Anything
that gets us better secured is a good
thing. It will also likely not work," he
assesses. "Why? Because it is hard to
be perfect and every organization is already
trying to do computer security
perfectly. Adding another requirement
on top of all the other requirements and
regulations overtop of what they already
know they should be doing is likely not
going to result in being significantly
more resilient to cyberattacks. It cannot
hurt, but it is not likely to be the final
nail in the coffin that defeats all malicious
hackers and malware."
The best prevention, he suggests, is
to make it harder for malicious hackers
and malware to hide. "Hackers hack and
spread malware because they either cannot
be traced or cannot be arrested and punished
when caught," he considers. "A
malicious hacker is more likely to be
struck by lightning, twice, than to get
arrested for hacking. We need to significantly
secure the Internet itself, to make
it more secure by default. We will stop
more bank robbers when we stop allowing
so many banks to be robbed and for all
the bank robbers to get away. There are
ways to make the Internet significantly
more secure."
Chinese Intrusions
Meanwhile, CISA and the Federal Bureau
of Investigation issued a joint advisory
on July 20 that detailed a spearphishing
and intrusion campaign that state-sponsored
Chinese actors conducted against U.S.
oil and gas pipeline companies from
December 2011 to 2013.
According to CISA's report, it worked
with the FBI to provide incident response
and remediation support to victims of
the campaign. "Overall, the U.S. government
identified and tracked 23 U.S. natural
gas pipeline operators targeted from 2011
to 2013 in this spearphishing and intrusion
campaign," it says. "Of the known targeted
entities, 13 were confirmed compromises,
three were near misses, and seven had an
unknown depth of intrusion."
CISA goes on to indicate that the federal
government has attributed this activity
to Chinese state-sponsored actors. "CISA
and the FBI assess that these actors were
specifically targeting U.S. pipeline infrastructure
for the purpose of holding U.S.
pipeline infrastructure at risk," the agency
says. "Additionally, CISA and the FBI
assess that this activity was ultimately
intended to help China develop cyberattack
capabilities against U.S. pipelines to physically
damage pipelines or disrupt pipeline
operations."
The advisory provides information on
this campaign, including tactics, techniques
and procedures. The alert can be found
at https://us-cert.cisa.gov/ncas/alerts/aa21-201a.
"CISA and the FBI urge owners and
operators of energy sector and other
critical infrastructure networks to adopt
a heightened state of awareness and implement
the recommendations listed in
the mitigations section of this advisory,
which include implementing network segmentation
between IT and industrial control
system/operational technology networks,"
CISA says. "These mitigations
will improve a critical infrastructure entity's
defensive cyberposture and functional
resilience by reducing the risk of compromise
or severe operational degradation
if the system is compromised by malicious
cyber actors, including but not limited to
actors associated with the campaign described
in this advisory."
More information on Chinese malicious
cyber activity can be found at us-cert.cisa.gov/china.