Comprehensive Pipeline Security
Though the embrace of digitalization and data analytics have made companies significantly more efficient and informed, it has also made them more vulnerable to cyberattacks. With several high-profile utilities and pipeline operators — including the Colonial Pipeline — fighting off cyberattacks in recent years, much of the attention around pipeline security has shifted toward cybersecurity.
Though cybersecurity is a crucial component of any security plan, as Michael Nushart, principal consultant at Black & Veatch, explains in a recent article for Pipeline & Gas Journal: “comprehensive, enhanced pipeline security must consider and mitigate the full range of pipeline threats, both digital and physical.”
In planning for comprehensive security, pipeline owners and operators should consider the May 2021 security directive released by the U.S. Transportation Security Administration (TSA), which lays out a range of requirements aimed at tracking and mitigating cybersecurity threats. The directive demonstrates the depth of the TSA’s concern for pipeline infrastructure security, especially as it extends concern across any threats which affect digital systems, physical assets and operational capabilities.
In light of the directive, Nushart explains that “operational disruptions, customer impact and affected critical infrastructure impacting government functions or national security are the principal concerns surrounding pipeline security.”
Luckily, there are several assessments and avenues pipeline owners and operators can take in their quests to safeguard their systems, including criticality assessments, security vulnerability assessments and remote facility physical vulnerability assessments. Such assessments are the first phase in security planning, and detailed security plans are the key to fending off malicious actors.
“Teams with operational experience possess the synergy to observe and anticipate critical systems and assets and determine mitigative actions. While it is nearly impossible for pipeline operators to fully protect facilities from terrorism, malicious cyber and physical vandalism attacks can be bested,” writes Nushart for Pipeline & Gas Journal. “Risk analysis efforts with periodic detailed review plans can help identify new critical systems and assets and enable new mitigative actions.”