© 2021 WOSU Public Media
Play Live Radio
Next Up:
Available On Air Stations
WKSU Stories

The Company that Controls Rover Pipeline was a Cyber-Attack Target

Ground clearing work along Rover route in Wayne County, OH
Ground clearing work along Rover route in Wayne County, OH

The Rover Pipeline’s corporate parent came under cyber-attack this week, according to Bloomberg News, as did three other natural gas transmission companies. No pipeline operations or safety systems were affected.

Cyber security and pipeline protection

Robert Eckman, Chief of Information Security, PCMC
Credit Cleveland-Marshall College of Law
Robert Eckman, Chief of Information Security, PCMC

Robert Eckman is director of the Center for Cyber Security and Protection at the Cleveland Marshall College of Law. He's also chief information security officer with Cleveland-based MCPC, a technology management consulting company. He says cyber-security in energy companies has often been divided among departments, and poor internal communication can create  vulnerabilities. But he also says there are now organized efforts to fix that, including new government guidelines.

“The Department of Energy actually has stepped up to the table with oil and natural gas cyber security to bring together information technologies, security and operational technologies into a common framework. That then allows them to prioritize their cyber security capability. So we are seeing movement in that space for certain.”

Ekman, who helped develop cyber security for nuclear power plants including Davis Besse and Perry in northern Ohio, says the whole energy industry must recognize the growing risk of cyber-attack, and take steps to reduce it.

For example, the communications systems of Energy Transfer Partners that were hacked actually belong to somebody else; an outside vendor that handles computer-to-computer interchanges for customer ordering and billing information.  Eckman says such arrangements are increasingly problematic and regulators and the energy industry itself are requiring changes.

Changes in managing information technology

“Third party entities that support these critical infrastructure companies are now being held to the same standards, especially in the nuclear space. But we’re also seeing it in the fossil power generation and other critical infrastructure areas.  I suspect the same thing will begin to happen in the oil and gas spaces as well."

Energy Transfer Partners is one of the nation’s largest pipeline and energy infrastructure companies.

Note:  This article has been updated to change "your" to "their" in referring to cyber security capability  in the first quote from Robert Eckman.

Copyright 2021 WKSU. To see more, visit WKSU.