Following the recent ransomware attack on the Colonial Pipeline Company, U.S. Rep. John Katko (R-NY) is urging the Cybersecurity and Infrastructure Security Agency (CISA) for great investment into the Pipeline Security Initiative public-private partnership.
The Pipeline Cybersecurity Initiative is a voluntary public-private effort to evaluate pipeline assets through a Validated Architecture and Design Review (VADR) process. As the most recent attack, which has caused North Carolina, Georgia, and Virginia to declare states of emergency, has shown identification of security flaws and resilience can be critical to the nation’s infrastructure, on which so much of the country relies.
Katko, ranking member of the House Committee on Homeland Security, said the public-private initiative has shown promise. In a letter to Acting CISA Director Brandon Wales, he called such an effort more important now than ever before.
“These VADR assessments have proven effective at identifying a wide range of potential vulnerabilities within pipeline systems – some of which have been publicly distilled,” Katko wrote. “Better understanding common security flaws and common misconfiguration issues is in everyone’s best interests, and these aggregated insights will help enhance national resilience. For this reason, my CISA appropriations request sent last week proposed an increase of 50 percent for the infrastructure analysis mission in the NRMC’s budget.”
In his letter, Katko also requested a briefing and answers to several outstanding questions, such as: how many VADRs have been conducted to date as part of the Initiative, how federal agencies collaborate on identifying candidates for conducting those assessments, how vulnerabilities are identified, and whether CISA plans to expand the VADR assessments to pipeline stakeholders beyond natural gas.