The U.S. network of natural gas and hazardous liquid pipelines is vulnerable to cyber attacks that could disrupt service and cause spills, explosions or fires, a threat that grows each day with the rise of specialized malicious software.
The Aug. 16 report from the Congressional Research Service, said U.S. pipeline computer systems have just experienced a coordinated series of cyber intrusions.
The threat is to pipeline supervisory control and data acquisition (SCADA) systems ended up highlighted in a March 2012 report by the Homeland Security Department, which disclosed the ongoing cyber intrusions.
Al Qaeda called for an “electronic jihad” against critical U.S. infrastructure, the CRS said, citing an FBI report, but it was unclear from the report whether the coordinated attacks were a part of any al Qaeda activity.
The Transportation Security Administration (TSA) can regulate physical security and cyber security for pipelines, but has not done so, TSA said. The agency said regulations could set a standard below that already followed by pipeline operators, according to the report.
“Based on the agency’s corporate security reviews, TSA believes cyber security among major U.S. pipeline systems is effective,” CRS said in the report. “However, without formal cyber security plans and reporting requirements, it is difficult for Congress to know for certain. Whether the self-interest of pipeline operators is sufficient to generate the level of cyber security appropriate for a critical infrastructure sector is open to debate.”
The U.S. has more than 500,000 miles of high-volume oil, gas and other hazardous-material pipelines, and nearly 900,000 miles of smaller pipelines deliver natural gas to businesses and homes, according to the report.
It is unclear whether TSA’s Pipeline Security Division has the capability to develop specific cyber security regulations, CRS said.