During a House Energy Committee hearing before the Congressional Recess, Rep. Gary Palmer (R-AL) asked Executive Director of the Pipeline Safety Trust Bill Caram and President and Chief Executive Officer of the Liquid Energy Pipeline Association Andrew Black about cyberthreats to pipeline infrastructure.
00:00And the chair now recognizes the gentleman from Alabama's 6th district for five minutes for questions.
00:05Thank you, Mr. Chairman.
00:06And I'll allow you to answer that question from Ms. McClellan.
00:10That's in line with some of my questions.
00:16Well, I will say that cybersecurity is not really in the wheelhouse of pipeline safety for our organization.
00:22It's more of a reliability issue.
00:24So we don't really dig into the weeds on it.
00:28The way we've approached it is the integrity management program for high-consequence areas requires an operator to identify all potential threats against the pipeline,
00:38create a plan to mitigate against those threats, and implement that plan.
00:42And cybersecurity threats should be considered one of those threats,
00:46and PHMSA could adopt some specific standards within integrity management.
00:50To the rest of your question, as far as agency coordination, is beyond my expertise.
00:55Mr. Black, I'd like for you to take a shot at that question as well.
01:00But back in 2021, we had a ransomware attack on the Colonial Pipeline, which was in my district.
01:09And there have been multiple attacks at various health care facilities around the country.
01:13And as more pipeline networks become part of that equation, the threat of another attack is very much a real possibility,
01:23whether it's fuel line like the Colonial Pipeline or other pipelines.
01:28Can you address where you think we are in terms of protecting our pipelines from cyber attacks and what we need to do to protect them?
01:39Glad to address both of you. Cybersecurity is very important to pipelines.
01:43Like any Fortune 500 company, pipeline operators need to maintain safeguards to protect their commercial systems and their operational systems.
01:52We'll do that in concert with the Transportation Security Administration, working with them on cyber directives.
01:58I believe you asked about CISA reauthorization, LEPA supports reauthorization of CISA.
02:04That will give pipeline operators the opportunity, a safe place to work with governments to talk about threats.
02:10It's quite important that PHMSA coordinate with those with cybersecurity expertise to make sure that anything that PHMSA does is in concert
02:17with what they know about how to do cybersecurity for pipelines, which quickly evolving technologies and threats.
02:25Very important.
02:26Sir, are you hearing much on that from industry?
02:31Every day we know there are attempts of breaches.
02:34I participate in classified briefings from government.
02:38We must always have our guard on pipeline safety.
02:41Thankfully, there are recommended practices.
02:42There are interactions with government and experts to try and improve that.
02:47We can never stop our vigilance.
02:50Do you feel like PHMSA is weighing in on this properly?
02:56They're doing their part?
02:57Do we need to be doing more?
03:00PHMSA is not key on cybersecurity, and I think that's okay.
03:03We'll work with CISA and with TSA.
03:06We need PHMSA to make sure they're talking with them.
03:08Many of these briefings, PHMSA is a part of those.
03:11That coordination should be done right to make sure there's not conflicts and overlapping and pipeline operators being told to do two different things.
03:18We need to make sure we're doing that right.
03:20Do we know if these are just in the ransomware attack situation with Colonial Pipeline?
03:25That was just people trying to extort money, but do we have nation-state involved in this or people who are being given safe harbors?
03:36We know they are in China and Russia and other places to launch these attacks.
03:42Is there any effort?
03:42In this public setting, generally, yes, and I know there's people I can encourage you to talk to in government that can help take you more,
03:48but we must be vigilant and must be working on this well.
03:52My concern about this transcends the pipelines.
03:55I mean, it's the critical infrastructure across the country that could be subject to a cyber attack,
04:00whether it's a ransomware attack or, you know, from a state-sponsored terrorist group.
04:08I mean, it could be anything.
04:10And I think that our grid in its totality, not just the power grid, but the entire totality of the grid,
04:19whether it's pipelines or power, we've got to make this a very serious issue.
04:25We, Americans, use all these forms of energy every day, and we can't afford to have something down from a cyber incident.
04:32You're absolutely right.
04:33Thank you for paying attention to that.
04:34Well, I appreciate your response.
04:36Mr. Chairman, I yield back.
04:39And I'll see you next week.
04:39Okay.
04:40I wonder if you'll understand that.
04:42We, President, what's two of you always say?
04:43It's up here.
04:44I wonder if you don't like him.
04:46Well, you're absolutely right.
04:47I wonder if I live to our way.
04:48But, like, am I kidding?
04:49Most of you, is there at this time if you will?
04:51We're on this one like, which one of you are on this side is in, and I guess so you may use Eller that piece.
Be the first to comment