Katko Presses on Pipeline Cybersecurity Partnership Efforts
WASHINGTON, DC – In light of the recent ransomware attack impacting Colonial Pipeline Company, Rep. John Katko (R-NY), Ranking Member of the House Committee on Homeland Security, is urging further investment and growth in CISA’s Pipeline Cybersecurity Initiative to better identify security flaws and enhance the overall resilience of our nation’s critical infrastructure.
In a letter to Brandon Wales, Acting Director of CISA, Katko noted that the Pipeline Cybersecurity Initiative, housed within the National Risk Management Center (NRMC), has shown promise as a voluntary, public-private partnership to evaluate pipeline assets with a Validated Architecture and Design Review (VADR).
“These VADR assessments have proven effective at identifying a wide range of potential vulnerabilities within pipeline systems – some of which have been publicly distilled,” wrote Katko. “Better understanding common security flaws and common misconfiguration issues is in everyone’s best interests, and these aggregated insights will help enhance national resilience. For this reason, my CISA appropriations request sent last week proposed an increase of 50% for the infrastructure analysis mission in the NRMC’s budget.”
Katko continued, “Now, in the wake of the Colonial Pipeline ransomware incident, ensuring the success, growth, and effectiveness of the Pipeline Cybersecurity Initiative is more important than ever before.”
Katko requested a briefing on the initiative and posed the following questions:
- How many VADRs have been performed to date as part of the initiative?
- How do CISA, TSA, and DOE work together in the process of identifying potential candidates for conducting VADR assessments?
- How are vulnerabilities identified in these assessments mitigated and what resources does CISA offer to assist in the mitigation process?
- Does CISA plan to expand the VADR assessment offerings to pipeline stakeholders beyond natural gas, to eventually include fuel pipelines like Colonial? If so, what is the timeline for that expansion?
Read the full letter here.