
To facilitate long term, sustainable growth, it is imperative to analyze the environmental, social and governance (ESG) performance of companies and examine how activity in the markets influences the world in which we live.

ACCESS THE TOPIC PAGE

ESG

Pipeline Operators Must Start Reporting Cyberattacks to Government: TSA Orders

Oil and gas pipeline operators must report all cyberattacks to the federal government in the wake of the shutdown of the Colonial Pipeline from a ransomware attack earlier in May, the US Department of Homeland Security said May 27 in a new security directive.

The most devastating cyberattack on a US pipeline stopped the nation's primary artery for gasoline and refined products from delivering more than 100 million gal/d of fuels for nearly a week, triggering pricing spikes, panic-buying and regional shortages. Colonial stretches more than 5,500 miles from the Houston refining hub to New York Harbor, supplying about 45% of all the gasoline and diesel fuel consumed on the East Coast.

Listen: Episode 15: The RSA Conference Security Preview

Scott Crawford, 451’s research director for security, and Garrett Bekker and Fernando Montenegro, analysts on Scott’s team, join host Eric Hanselman to ponder what to look for in the first virtual version of RSA.

Listen to the Podcast

DAPL Cites Colonial Pipeline Outage as Reason to Remain Open

The owners of the Dakota Access Pipeline cited the recent Colonial Pipeline outage from a cyberattack and a May 16 train derailment in Iowa as reasons to keep the major Bakken Shale crude oil artery open as it faces a potential court-ordered shutdown.

Read the Full Article

Energy System Vulnerabilities

Colonial Cyberattack Raises a Question: Can Whole-System Shutdowns be Avoided?

The decision to take the entire Colonial Pipeline Co. system offline following a cyberattack raises questions about whether the pipeline industry will be able to avoid disruptive whole-system shutdowns in the future.

Cybersecurity and information technology professionals warn that following industry best practices alone may not prevent cyberattacks from infecting the systems that control the nation's vast energy infrastructure. With legacy pipeline assets becoming more connected and ransomware on the rise, attacks that shut down physical infrastructure are becoming more commonplace, they said.

"Now we're seeing five to 10 a year. While that might not seem high, this is one of them, and you have an entire coast shut down for a pipeline," said Nicholas Friedman, national managing partner and governance, risk and compliance strategist at enterprise risk management firm Templar Shield Inc.

The event is one of the highest-profile cyberattacks on U.S. energy infrastructure to date. It brought to a halt a major artery that provides the East Coast with nearly half of its fuel and prompted the federal government to convene inter-agency meetings and take emergency measures. The impact on fuel prices and supplies continues to be in flux.

Colonial Attack Highlights Particular Vulnerability of Pipelines From Cyberthreats

The successful cyberattack on the main artery of the US fuel supply shows how energy pipelines are acutely vulnerable in an underregulated sector with many remote field locations potentially exposed to attacks.

Read the Full Article

Colonial Pipeline Outage Highlights Need for Energy Systems to be More Cyber Resilient: IEA

The outage of a critical US oil pipeline from a cyberattack underscores the need for energy infrastructure to become "more cyber resilient," with digitalization and automation of energy systems increasing the scope for such attacks.

Read the Full Article

Pipeline Cyber Breach May be 'Wake-Up Call' for Vulnerable Sector – Attorney

It was only a matter of time before the midstream industry fell prey to a cybersecurity attack like the one recently suffered by Colonial Pipeline Co., an attorney and subject matter expert at firm Jones Walker LLP said in a recent interview.

Read the Full Article

Former Energy Secretary Brouillette on Foiling Infrastructure Cyberattacks

The federal government should optimize information sharing through public-private forums to ensure infrastructure operators are ready for cyberattacks, according to Brouillette.

Read the Full Article


Federal Cybersecurity

Colonial Cyberattack Stirs Calls for Federal Pipeline Oversight, Reform

The shutdown of the 5,500-mile Colonial Pipeline Co. system following a cyberattack has revived calls for federal regulation of pipeline operators and reform at federal agencies.

As of May 11, Colonial was returning portions of the critical artery for East Coast gasoline and refined fuel supply to service. While government officials and industry analysts did not anticipate widespread supply disruptions, the high-profile event caused filling station shortages in the Southeast and raised concerns about the prospect of future pipeline shutdowns at a time of rising cyberattacks.

Biden Administration Blazes New Path to Protect Grid from Cyber Threats, Foreign Adversaries

The Department of Energy April 20 launched an aggressive 100-day plan to protect electric infrastructure from persistent and sophisticated cyber threats.

Read the Full Article

Power Industry Divided Over FERC's Proposed Incentives for Cybersecurity Measures

A proposal to award extra financial incentives to electric utilities that implement cybersecurity measures that go above and beyond current mandatory reliability standards drew a divided reaction among power sector stakeholders.

Read the Full Article


Tech Attacks

Microsoft Cyberattack Impact Lingers as Hackers Exploit Backdoors, Analysts Say

The cyberattack on Microsoft Corp.'s email server software has mushroomed into a global crisis that cybersecurity experts say will likely claim many more victims due to the sophisticated nature of the hack.

Vulnerabilities in Microsoft Exchange, the company's widely used email and calendaring software targeted at enterprise customers, allowed hackers to access emails from its servers and install additional malware to maintain access to the victims' environments.

Microsoft President Calls for Mandatory Disclosure of Cyberattacks

Microsoft Corp. President Brad Smith urged U.S. lawmakers to impose obligations on companies and organizations to report any cyberattacks they face in order to better safeguard the country from incidents like the breach of SolarWinds Corp.'s systems.

Read the Full Article

Insurance Exposure

Cyber Risk In A New Era: Let's Not be Quiet About Insurers' Exposure to Silent Cyber

Cyber attacks are on the rise, as are the financial losses that can follow in their wake.

Yet the cyber insurance market is underdeveloped, and cyber cover is often tacked onto existing liability or property insurance policies that were not originally intended to cover cyber risk. In some cases, the policies do not explicitly include or exclude cyber cover, thereby exposing the insurers to the risk of "silent cyber", or losses to settle unexpected cyber-related claims.

Cyber Risk In A New Era: Insurers Can be Part of the Solution

The COVID-19 pandemic has changed the ways we shop, learn, and work with important implications for cyber risk. E-commerce is booming, brick-and-mortar retailers are shifting to digital platforms, and schools and offices have adopted online classes and home working.

Read the Full Report

As Threats Grow, Cyber Insurance Seen as More of a Necessity

Businesses are treating cyber liability insurance as less of a luxury and more of a necessity as larger numbers of customers are drawn into the market and existing clients seek higher coverage limits, according to Advisen Ltd. surveys.

Read the Full Article


Risk Mitigation

Cyberattack on Colonial Pipeline Spurs Calls for Legislation, New Penalty Authority

The cybersecurity attack on Colonial Pipeline, a main artery of US fuel supply, is spawning renewed calls for legislation to bolster defenses of US pipelines and the electric power grid, and, in some corners, calls for new government authority to hold companies accountable if they fail to act.

House Energy and Commerce Committee leaders on May 11 reintroduced bipartisan legislation aimed at strengthening the Department of Energy's ability to respond to physical and cybersecurity threats to the nation's pipelines and LNG facilities.

Committee Chairman Frank Pallone, Democrat-New Jersey, and Ranking Member Cathy McMorris Rodgers, Republican-Washington, said their committee was the best equipped to lead bipartisan cybersecurity solutions, particularly for energy infrastructure and pipelines.

"The Colonial Pipeline cyberattack and the ripple effects being felt now across the country are sharp reminders of just how deeply we all rely upon our energy infrastructure every day, and just how crucial it is that we invest in modernizing and protecting it," they said in a joint statement. They urged that bipartisan solutions put forward by the committee be "enacted immediately."

Manufacturing Faces Distinct Challenges In Cyber Risk Mitigation (Part 1 of 3)

Cyberattacks on steel producers can have serious repercussions, impeding production and causing significant financial losses for targeted companies.

Read the Full Article

Steel Mills Have Unique Challenges, Vulnerabilities to Cyberattacks (Part 2 of 3)

Historically, critical infrastructure systems like steel mills have had distinct vulnerabilities due to being purpose-built systems, designed to run with very little variation.

Read the Full Article

Cyber-Informed Engineering Perspective Needed for Cyber-Defense (Part 3 of 3)

In order to effectively and efficiently protect assets from a cyberattack, companies need to go beyond IT security and evaluate cyber risk from a cyber-informed engineering perspective.

Read the Full Article
