Insight

Critical Infrastructure and the need to get Pipeline Cyber OT right

Why an aligned cyber security program facilitates IT and OT convergence

Jason A Haward-Grau

Jason A Haward-Grau

Managing Director, Cyber Security Services, KPMG US

+1 713-304-0044

Tim Johnson

Tim Johnson

Director Advisory, Cyber Security Services, KPMG US

+1 214-840-4449

For more than a decade there has been a set of federal cyber security recommendations for owners and operators of oil and liquified natural gas pipelines. However, since they were essentially optional, few organizations formally adopted them as policy. As a result, we’ve seen an increasing number of successful ransomware attacks impacting organizations with the intent to disrupt production and distribution.

The threat continued to expand to a large pipeline company in May 2021 which was a tipping point. Shortly after that attack disrupted the flow of gasoline and jet and diesel fuel along the East Coast, the U.S. Department of Homeland Security (DHS) issued two Transportation Security Administration (TSA) Security Directives that feature a number of measures oil and gas pipeline owners and operators must implement.

Read our white paper to learn about the mandatory cyber measures for critical facilities, the relationship between IT and OT, and why companies must aspire to be highly cyber proficient.