Crown Jewel® Insurance

View Original

DHS Pipeline security requirements: Too little too late?

DHS is finally requiring more robust information and supply chain #cybersecurity requirements for pipelines.

Are these robust enough? I doubt it because by the time lobbyists get involved everything gets watered down. But even if they are, our response to the threats from our adversaries needs to be much stronger to prevent them from targeting US #criticalinfrastructure (CI) in the first place. We cannot be perceived as weak or indifferent or uncoordinated in our efforts, which we have done for a decade or more.

 

What about other CI industries (water and power supply, transportation, telecom, and banking in particular)? And what about each of these companies' #supplychains? With 85% of our critical infrastructure being run by private companies, driven by their own agendas and shareholders to think of, there has to be much more stringent oversight of the management of these massively important risks!

 

Companies who voluntarily add more resources (people, process, technology) to the management of these risks should have significant incentives (taxes, etc.) to do so. Next, #boardsofdirectors have to be held responsible for understanding these risks and putting proper resources around them; not getting away with the "prudent person" rule as a defense to lax #cybersecurity (including IoT devices, sensors, and operational technology such as SCADA) management or else the changes will come way too late! The economic reward system centers around cost savings and increased top lines. When it comes to CI, our incentives are misaligned, sadly.

 

Not only is our physical safety at risk, but our economic future is as well, from both the fallout of such an attack or from the theft of our most valuable competitive assets as a nation, our #tradesecrets.

 

https://www.businessinsurance.com/article/20210720/NEWS06/912343336/New-cybersecurity-requirements-for-critical-pipeline-owners?utm_campaign=BI20210720Breaking