As West Texas Intermediate (WTI) has increased 15% over the last few months, the White House recently passed a significant Executive Order (EO) regarding cybersecurity that establishes new ground rules for confronting cyber-attacks challenging the government and the contractors that work directly with the government.
The EO has many monthly benchmarks being rolled out and the government will use its clout as one of the nation’s largest software consumers to insist vendors build cybersecurity into software from the ground up.
The federal government has also taken steps to exercise its existing authority to regulate the cybersecurity of pipelines. Security Directive Pipeline-2021-01 issued by the Department of Homeland Security mandates new cybersecurity assessments and mitigation plans for the country’s largest pipelines. One key objective is to ensure appropriate segmentation between enterprise IT networks and OT networks. This was perhaps the biggest problem with Colonial’s uncertainty as to whether the attack had penetrated to the OT systems that physically control pipeline operations. Without assurance that its OT systems were secure, Colonial had no choice but to shut down. The result was a ransomware attack that might have been a minor inconvenience instead became a national disruption.
Neiland Wright from Indrasoft, a Virginia government tech contractor, noted that, “This EO will set goals for modernizing cybersecurity in the government, enhancing information sharing between IT providers and it will establish a Cybersecurity Safety Review Board.”
Earl Crochet from Perceptive Sensors sits on a number of O&G industry committees and feels that the midstream could be a cyber-concern as it is the backbone and the central fuel delivery system within the US. “Better technology with Internet of Things (IoT) devices and blockchain could mitigate risks and add real-time transparency.”
By February 2022 under this EO, IoT cybersecurity and criteria will need to be established for consumer labeling of products. As the O&G industry embraces Industry 4.0, more IoT devices will be needed to support offshore rigs or refineries where conceptually these assets could be autonomous in the future from a control room.
Andrew Bruce, CEO of the Houston-based blockchain company Data Gumbo, feels that Distributed Ledger Technology (DLT) utilized in blockchain can reduce and compartmentalize cyber-incidents preventing access to other data to mitigate risk. “This could be an inflection point for government contractors to embrace blockchain to help protect critical infrastructures exposed to cyber-threats. With future architecture built on decentralized technology, blockchain’s capabilities can reduce exposure, speed recovery and ensure business continuity after any event.”
The O&G industry has been enhancing its ESG reporting over the past few years, and there could be a potential future in disclosures regarding cybersecurity for any company engaged in business with the government. 10-K disclosures will become the norm for any government-facing company. The question then will be where do O&G companies cross the line into being direct suppliers to the government? The answer: midstream. The Defense Logistics Agency (DLA) alone purchases $8.5B in fuel annually which is delivered via pipeline or truck. For many integrated oil companies and chemical companies, they will need to reimagine cybersecurity from the oilfield to the service station pump.
At every step down the WTI price ladder in the past 10 years, downstream became more competitive at lower prices with increased technology. The SolarWinds data breach of 2020 was a wakeup call to the government. Today, IoT and blockchain are poised to assist the midstream to become more efficient and address this new EO.
Contributing to this article were Neiland Wright info@indrasoft.com; Earl Crochet info@perceptivesensors.com; Andrew Bruce info@datagumbo.com.
