Pipelines lack security regulations like those imposed on utilities and the maritime sector
“The pipeline sector is a bit of the Wild West,” said John Cusimano, vice president of cybersecurity at aeSolutions, a consulting firm that works with energy companies and other industrial firms on cybersecurity.
Mr. Cusimano called for rules similar to the U.S. Coast Guard’s 2020 regulations for the maritime sector that required companies operating ports and terminals to put together cybersecurity assessments and plans for incidents.
Pipeline leaks are bad for everyone. They can have catastrophic effects on the environment, on communities and a company's bottom line. Given a bad enough leak, you could lose your license to operate, lose a fortune in revenue, and even face jail time. No one wants leaks.
Pipeline companies invest considerable effort preventing, detecting, and responding to leak incidents, but are they investing enough effort preventing, detecting to cybersecurity incidents? Since in principal, a cyber-incident could lead to a leak incident, companies should consider breach detection as part of their overall leak prevention program.