The vast systems of pipelines in the United States are a fundamentally safe means of transport for energy related commodities, but present unique security challenges for the private sector and government. According to the US Department of Homeland Security (US DHS), these systems span over 2.5 million miles while transporting nearly all of the country’s natural gas and roughly 65 percent of hazardous liquids consumed nationwide. Such statistics highlight the risk inherent to the general pipeline infrastructure as well as the potential cascading effects of a disruption.
The further development of pipeline infrastructure in recent years is not only prevalent across the county, but also within New Jersey. As expansion continues, reducing the vulnerability of the infrastructure and planning for the consequences of a potential disruption become a continually expanding strategic focus.
According to the University of Maryland’s Global Terrorism Database, terrorist threats targeting the oil and gas sector have risen sharply within the past few years, with the vast majority of attacks occurring in the Middle East, Africa, and Latin America. While there is no specific reporting which indicates that similar attacks will occur in the US, the fact that terrorist groups have demonstrated the capability and intent to attack pipeline systems abroad, such as the 2008-2009 pipeline bombings in Canada, heightens awareness of the potential for similar attacks occurring within the US.
Inherent within the general risk profile of the pipeline infrastructure is the threat posed by the nature of the commodity. Hazardous materials transported through the pipeline infrastructure pose an exponential consideration when assessing risk. Catastrophic damage to the physical pipeline infrastructure would also create a cascading disruption in the supply chain, and ultimately the organizations serviced by the commodity. Thus, the potential consequences of an attack, or the manifestation of a natural hazard on the pipeline infrastructure would present significant economic considerations. The effects of any disruption would cascade to the many industries that are dependent upon a stable and reliable flow of natural gas and petroleum products. A disruption in the supply chain for these critical commodities has the potential to shut down the operations of entire industries. Unfortunately, one only has to look as far back as Superstorm Sandy in New Jersey to get a glimpse of these potential cascading challenges.
Within New Jersey, the proposed expansion of pipelines and supporting facilities would increase the physical infrastructure present within the state. Miles of additional pipeline will require proportional effort in security planning to reduce the risk from both malicious attacks and natural disasters. Ensuring that both the infrastructure and the supply chain are able to anticipate, adapt to, and recover from adversity or changing conditions is important to both the pipeline operators as well as the commodity consumer. Affirmative planning actions, such as the consideration of security needs and challenges during the pipeline construction processes, would increase the overall effectiveness of security planning and the measures ultimately implemented.
Malicious cyber actors also pose a growing threat to pipelines. In 2008, the Baku-Tbilisi-Ceylan (BTC) pipeline in Turkey was hit by a cyber attack that released 30,000 barrels of oil onto the surrounding area. This was a targeted attack whereby hackers gained access to the control equipment of a valve station, intentionally increasing pressure in the pipeline and ultimately causing the pipeline to explode.
While the US has not experienced such an attack, successful attempts have been made – primarily by foreign actors – to gain access to the intellectual property of gas and oil companies. In 2012, the US DHS discovered a series of coordinated cyber attacks to gain access to natural gas companies' systems through the use of spear phishing emails. These emails were made to look like legitimate correspondence, but contained malicious software that can grant a hacker access to individual computers or the entire operating system. While it is unknown whether the attack was perpetrated in order to gain access control or harm the pipelines, it points to the growing need to prevent malicious intrusions that could jeopardize such complex infrastructure systems.
To better protect critical infrastructure in New Jersey, the New Jersey Cybersecurity and Communications Integration Cell (NJCCIC) serves as the cyber information-sharing conduit for government and private sector institutions. In this capacity, the NJCCIC can receive cyber incident reports and share timely cyber threat information in its effort to promote statewide awareness and widespread adoption of best practices.
For more information, please contact NJOHSP's Preparedness Bureau at Preparedness@njohsp.gov.