The May 2021 attack on Colonial Pipeline — thought to be the largest successful cyberattack on oil infrastructure in U.S. history — led the Department of Homeland Security’s Transportation Security Administration to issue the first mandatory cybersecurity standards for pipelines, after years of relying solely on voluntary guidelines. But Democratic lawmakers, regulators and cybersecurity experts say those standards don’t go nearly far enough, and fall short of the binding standards that the U.S. electricity sector has spent years developing.
U.S. regulators or the gas pipeline companies themselves need to address that gaping hole in the nation’s energy security, experts say — noting that the gas and electricity sectors increasingly depend on each other.
“We say ‘gas and electricity’ as if they’re separate — they aren’t,” said Craig Miller, a research professor of electrical and computer engineering at Carnegie Mellon University, and former chief scientist of the National Rural Electric Cooperative Association. “You don’t move gas without electricity: You need pumps. And you don’t make electricity without gas.”
The Russian invasion of Ukraine has only exacerbated fears of a cyberattack on critical energy infrastructure. Energy Secretary Jennifer Granholm urged energy executives last week to prepare “to the highest possible level” for a potential cyberattack from Russia.
“While there remains no specific credible threat to the homeland from Russia, that I am aware of, the U.S. Government has been working with energy sector owners and operators to prepare for all geopolitical contingencies,” she wrote in a letter to industry trade organizations.
The nation has grown more reliant on natural gas as a power resource — the fuel made up 37 percent of the U.S. electricity mix in 2021, according to the U.S. Energy Information Administration, compared to 25 percent a decade ago — and the challenges of connecting the two energy systems have been a focus of federal regulators for years. Meanwhile, digital technology increasingly runs the systems that control critical infrastructure, making all energy infrastructure more vulnerable to cyber…