US Energy Secretary Jennifer Granholm said May 28 the nation needs more comprehensive cybersecurity standards for oil and gas pipelines and infrastructure in the wake of the Colonial Pipeline ransomware attack earlier this month.
Speaking at an Air Liquide hydrogen plant outside of Houston in her first trip outside of Washington as the new secretary, Granholm touted clean energy projects and the need to “decarbonize” traditional fossil fuel sources, but she also highlighted the need to better protect the nation’s sources of oil, gas and fuel.
The most devastating cyberattack on a US pipeline stopped the nation’s primary artery for gasoline and refined products from delivering more than 100 million gal/d of fuels for nearly a week, triggering pricing spikes, panic-buying and regional shortages. Colonial stretches more than 5,500 miles from the Houston refining hub to New York Harbor, supplying about 45% of all the gasoline and diesel fuel consumed on the East Coast.
Not only did the attack disrupt arguably the nation’s most important fuel conduit, the incident also highlighted the particular vulnerability of the US’ network of energy pipelines to cyberattacks.
“We definitely need better standards on the oil and gas side of things,” Granholm said. “The electricity side already has standards they use to make sure there’s minimum cyber protections.”
The pipeline sector currently only has voluntary cybersecurity guidelines set by Department of Homeland Security, or DHS’s Transportation Security Administration — an agency primarily focused on the airline sector — and not mandatory standards such as those required of the electricity sector through the Commerce Department.
On May 27, the DHS announced that oil and gas pipeline operators must report all cyberattacks to the federal government. More potential mandates remain under consideration, the announcement said.
“Those kinds of discussions are what’s being considered right now inside the (Biden) administration,” Granholm said, citing the possible need for legislation.
While companies are motivated to prevent cyberattacks for their business model, the cybercriminals are constantly improving, she said, highlighting the need for more oversight and continuous improvement.
“Everybody agrees that for facilities that we all share or at least energy sources that we all share, we want to make sure that there’s reliability and obviously reliability comes in many ways,” Granholm said. “It could be the electricity grid in Texas, but it could also be making sure that we have a reliable source of oil and natural gas that is free from cyberattacks, which of course was the cause of the Colonial Pipeline. That should be considered as part of reliability.”
The midstream oil and gas industry said it is supportive of reporting requirements, but concerned about requirements potentially being too broad when there are attempted cyberattacks every day.
“Pipeline operators want to avoid a ‘ready, fire, aim’ approach from the government where we fail to incorporate lessons learned from Colonial or potentially make things worse by regulating the wrong thing or doing it in the wrong way,” said Association of Oil Pipelines Vice President John Stoody on May 27.
Apart from the lack of mandatory cybersecurity requirements for the industry, cybersecurity experts also have pointed out that pipelines are additionally vulnerable because they have so many associated field offices in rural areas along the routes that often have outdated technology.
Going green
While the energy sector argued the cyberattack showed the need for more oil, gas and fuel pipelines to better serve demand, Granholm said she wants to emphasize pipeline growth to carry products like hydrogen and carbon dioxide for cleaner energy, as well as carbon capture and storage projects.
“We want to make sure that we can decarbonize existing sources of energy that we have, as well as generate renewable energy,” she said. “You cannot get to net-zero emissions without carbon management and carbon-reduction strategies.”
Pivoting from a Trump administration that touted LNG exports as “freedom molecules,” Granholm said the world is moving away from power sources with greenhouse gas emissions, and that more emphasis is needed on reducing methane emissions — from leaks to flaring.
The Air Liquide plant she visited uses natural gas as a feedstock to produce hydrogen gas — a source of cleaner energy increasingly seen as having more potential to decarbonize the transportation sector. The eventual goal is to rely more on so-called green hydrogen derived from renewable energy sources.
Granholm emphasized that she wants Texas to not only lead the way in oil and gas, but also the nation’s renewable energy future. She noted that Texas already leads the nation in wind power generation, and that it trails only California in solar power.
“Clean energy takes all kinds of forms into the future, and Texas can be a leader in that,” she said.
