Parallels Between Pipeline Leak and Cyber Breach Detection

by Paul Rostick

Pipeline leaks can have catastrophic effects on the environment, on communities, and on a company’s bottom line. A company could lose its license to operate and a fortune in revenue, and its employees could face jail time. Simply put, no one wants leaks. As a result, pipeline companies invest considerable effort in preventing, detecting, and responding to leaks. Cyber incidents have resulted in serious pipeline leaks and incidents, so companies should also consider breach detection as part of their overall leak prevention program.

There are many parallels between leak detection and breach detection, such as the importance of dedicated, intelligent tools that automatically detect both physical and digital anomalies and generate alarms accordingly. Such tools enable quick analysis, accurate decisions, and appropriate actions, and can significantly reduce the impact and severity of incidents. Effective detection, containment and response times are the difference between a minor incident and a catastrophe.

To detect pipeline leaks, one uses an automated system to monitor flow rates, pressures and temperatures. The leak detection system holds a working model of the pipeline system and schedule. It can quickly and automatically correlate all the telemetry feeds into a real-time picture of the operating conditions throughout the pipeline and generate an alarm if something is amiss. Similarly, a digital breach detection system captures network activities such as user logins, program installs, file changes, account creations, protocols, machine-to-machine communications, and thousands of other potentially anomalous activities. It can also generate an alarm if something is amiss.

Physical operations and digital operations are now so inextricably intertwined and interdependent that a risk to one is a risk to the other. Your digital operations may very well be under attack by a global enemy, and a breach could lead to a spill or worse. Leak detection and breach detection have much in common: identify, protect, detect and respond.

Pipeline companies invest considerable effort to prevent the occurrence of spills. Yet they still prepare as if they will have them. They focus not only on protection, but on detection and response as well. They regularly and extensively drill on handling spills. This is the exact same model recommended for cybersecurity. Do everything you can to prevent breaches, but act as if you will have them. Why? The truth is, breaches happen. And because they happen, effective detection time and response time mean the difference between a minor event and a catastrophe.
