“This new directive is a good start. Mandatory breach reporting and security gap assessments are important first steps to address security issues in the oil and gas sector. As seen with Colonial, the cost of downtime is prohibitive; many in this sector already engage in mature cybersecurity practices. However, the distributed nature of oil and gas operators — pipelines, rigs and refineries in remote locations — makes securing their physical infrastructure difficult. We know from our customers that no two operators are alike in terms of the exact processes and systems they’re using. These factors make it harder to establish one set of cybersecurity requirements that will work effectively for all.
Are DHS Pipeline Breach Reporting Mandates Just the Beginning?
