Our Testimony to Congress on Efforts to Secure Oil and Gas Pipelines Against Cyberattacks (video) – Government Accountability Office

In May, Colonial Pipeline Companyannouncedthat it was the victim of a ransomware attack that led to temporary disruption in the delivery of gasoline and other petroleum products across much of the southeast U.S. This cyberattack exemplifies the cybersecurity threats to critical infrastructure that we at GAO have reported on and testified about for many years.

Yesterday, GAOs Leslie Gordonan acting director in our Homeland Security and Justice Teamtestified before the Senate about steps the federal government has taken to address pipeline security, including since the May attack, and what weaknesses remain.

View video clips from her testimony and read on to learn more:

Weaknesses in TSAs efforts

The Transportation Security Administration (TSA) has primary oversight responsibility for the physical security and cybersecurity of pipeline systems. Prior to the cyberattack in May, TSAs efforts included issuing voluntary security guidelines and performing security reviews of privately owned and operated pipelines.

In 2018 and 2019, we identified some weaknesses in TSAs oversight and guidance, and made recommendations, most of which TSA addressed. TSA clarified its pipeline security guidelines, improved performance monitoring, assessed staffing needs, and updated guidance on federal roles and responsibilities. However, as of June, TSA had not fully addressed 2 key weaknesses:

Weaknesses in government-wide efforts

The attack on Colonial Pipeline highlights the urgent need to address long-standing cybersecurity challenges facing the nation. Most systems and networks used today, including those that are part of our nations critical infrastructure, are interconnected with other systems and the internet, and because of this they are vulnerable to cyberattacks.

The federal government must take immediate steps to prevent, more quickly detect, and mitigate the damage of future cyberattacks. In particular, our testimony yesterday highlighted the need for the government to develop and execute a more comprehensive federal strategy for national cybersecurity and global cyberspace. Since 2010, we have made nearly 3700 recommendations to agencies aimed at remedying cybersecurity shortcomings. As of July 2021, more than 950 of those recommendations are not yet implemented. We will continue to assess and report on critical infrastructure cybersecurity protection.

Read more:
Our Testimony to Congress on Efforts to Secure Oil and Gas Pipelines Against Cyberattacks (video) - Government Accountability Office

Related Posts

Comments are closed.