INDUSTRIAL CONTROL SYSTEM VULNERABILITIES ON DISPLAY

shutterstock_179088455_Low.jpg

Official IPRO Press Release

May 12th, 2021

Washington, D.C. The shutdown of the Colonial Pipeline in response to an unlawful cyber ransomware attack exposes the fact that, despite the best efforts of several government agencies and the expertise of critical industry sectors, the North American cyber ecosystem remains a dangerous place. The International Pipeline Resilience Organization, known as IPRO, has been created as a non-profit self-regulatory initiative to work on behalf of natural gas and oil pipelines whose long lines and interconnections – physical, financial, and digital -- serve every segment of our domestic economy.

IPRO is a member-driven organization that seeks to fill a critical gap in the preparedness of critical energy delivery systems to meet the challenges to our economic and military security that have arisen from bad actors and malefactors in cyberspace. Oil and natural gas pipelines (including natural gas liquids and refined products pipelines) are unquestionably critical infrastructures. IPRO plans to employ accepted standards and controls that need to be implemented to reduce or eliminate the risks of intrusion into the individual pipelines and system-wide operations. Such disruptions or loss of service can have dire consequences. IPRO will focus on enterprise-wide cyber challenges and solutions that will lead to durable security for the North American energy supply chain.

For now, affected agencies and the pipeline industry must be left to do their work in addressing this emergency. The Colonial shutdown nevertheless ensures that changes are on the horizon. The Congressionally mandated Cyberspace Solarium Commission report (2020) places a premium on public-private sector collaboration and on improvement in government oversight. IPRO speaks to both those concerns. It is an intermediate mechanism that provides “boots-on-the-ground” to independently assess the level of compliance and security of individual pipelines and network systems. The alternatives before us are more regulation and increased audits or a technically sound industry process. The current opacity and lack of understanding and education about the state of pipeline cybersecurity entail risk, perhaps enterprise risk in some cases. We believe that strategic pursuit of the highest levels of maturity in pipeline cybersecurity goes well beyond information-sharing and audit upon audit.


IPRO represents a distinctive new approach, not just more of the same bolted onto existing procedures. It will support both the agencies charged with mastering cyber threats and an industry segment that is probably unduly exposed. The IPRO model enables pipelines to volunteer for an appropriate level of scrutiny. They deserve a collaborative but a technically sound close look,” stated Jim Hoecker, co-founder of IPRO and former Chairman of the Federal Energy Regulatory Commission. “The benefits that could flow from IPRO will also include reduced regulatory risk, savings in such expenses as insurance and cost of capital, and state-of-the-art information and technical judgment,” claimed Emil Peña, a former Deputy Assistant Secretary of Energy.


About IPRO: The International Pipeline Resilience Organization was founded in 2020 as a member-driven, non-profit corporation that works on behalf of two critical energy delivery industries -- oil and natural gas pipelines (including natural gas liquids and refined products pipelines) – to identify pragmatic controls that reduce or eliminate the risks of cyber or physical intrusions and the resulting disruption of services. IPRO focuses on enterprise-wide cyber challenges and solutions that will achieve durable security for the North American energy supply chain.

For further information:
James Hoecker 202-378-2316
James.hoecker@huschblackwell.com

Previous
Previous

Fake News Reaches Risk Management