Expanding and investing in the Cybersecurity and Infrastructure Security Agency’s (CISA) Pipeline Cybersecurity Initiative could address cybersecurity risks and prevent future cyberattacks on United States pipeline infrastructure, such as the recent Colonial Pipeline hack, according to Rep. John Katko, R-N.Y.
In a May 11 letter to Brandon Wales, CISA’s acting director, Rep. Katko, ranking member of the House Homeland Security Committee, noted the Pipeline Cybersecurity Initiative “has shown promise as a voluntary, public-private partnership between CISA, Transportation Security Administration (TSA), Department of Energy (DOE), and a range of pipeline-dominant critical infrastructure stakeholders.”
The “success, growth, and effectiveness of the Pipeline Cybersecurity Initiative is more important than ever before,” Rep. Katko said.
The Pipeline Cybersecurity Initiative was launched in 2018 and currently sits under CISA’s National Risk Management Center (NRMC). The initiative is responsible for conducting Validated Architecture and Design Review (VADR) assessments on pipeline assets.
“These VADR assessments have proven effective at identifying a wide range of potential vulnerabilities within pipeline systems – some of which have been publicly distilled,” Rep. Katko wrote. “Better understanding common security flaws and common misconfiguration issues is in everyone’s best interests, and these aggregated insights will help enhance national resilience. For this reason, my CISA appropriations request sent last week proposed an increase of 50% for the infrastructure analysis mission in the NRMC’s budget.”
Rep. Katko posed six questions to Wales, regarding more information on the VADR assessments and how vulnerabilities are mitigated once identified. He also wants to know if CISA plans to expand VADR assessments “to pipeline stakeholders beyond natural gas, to eventually include fuel pipelines like Colonial.”