Recent press reports indicate that a cyber-attack disabled the third-party platform used by oil and gas pipeline company Energy Transfer Partners to exchange documents with other customers. Effects from the attack were largely confined because no other systems were impacted, including, most notably, industrial controls for critical infrastructure. However, the attack comes on the heels of a Federal Bureau of Investigation and Department of Homeland Security (“DHS”) alert warning of Russian attempts to use tactics including spearphishing, watering hole attacks, and credential gathering to target industrial control systems throughout critical infrastructure, as well as an indictment against Iranian nationals who used similar tactics to attack private, education, and government intuitions, including the Federal Energy Regulatory Commission (“FERC”). These incidents are raising questions about cybersecurity across the US pipeline network. Continue Reading Attacks Targeting Oil and Gas Sector Renew Questions About Cybersecurity

Just before Christmas, the U.S. Environmental Protection Agency (EPA) released controversial regulations, titled Accidental Release Prevention Requirements: Risk Management Programs under the Clean Air Act; Prepublication Final Rule, that EPA states will “modernize” the Clean Air Act Section 112(r)(7) Risk Management Program (RMP) regulations. These 1990s-era regulations, covering about 12,500 facilities across the country, require that facilities storing certain amounts of specified chemicals develop risk management plans to prevent the accidental release of those substances into the air and mitigate impacts of accidental releases that do occur. EPA initiated these RMP rule revisions under the directive of President Obama’s August 1, 2013, Executive Order (EO) 13650, Improving Chemical Facility Safety and Security. After proposal on March 14, 2016, EPA received more than 44,000 comments, making rule issuance in just over six months’ time remarkable, especially given that the final rule and response to comments total about 600 pages.

Continue Reading EPA Risk Management Plan Midnight Rule Poses Facility Security Threats and Imposes Huge Costs